Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12109)

2023-02-07T00:00:00

Description

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12109 advisory. - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628) - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524) - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896) - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895) - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662) - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "ORACLELINUX_ELSA-2023-12109.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12109)", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12109 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2023-02-07T00:00:00", "modified": "2023-02-07T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/171104", "reporter": "This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://linux.oracle.com/errata/ELSA-2023-12109.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3524", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4662", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42895", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896"], "cvelist": ["CVE-2022-3524", "CVE-2022-3564", "CVE-2022-3628", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4662"], "immutableFields": [], "lastseen": "2023-05-17T16:41:40", "viewCount": 1, "enchantments": {"score": {"value": 8.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2023:0951", "ALSA-2023:0979", "ALSA-2023:2148", "ALSA-2023:2458"]}, {"type": "amazon", "idList": ["ALAS-2022-1645", "ALAS-2022-1888", "ALAS-2023-1707", "ALAS2-2022-1888", "ALAS2-2022-1903"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cnvd", "idList": ["CNVD-2023-06532"]}, {"type": "cve", "idList": ["CVE-2022-3524", "CVE-2022-3564", "CVE-2022-3628", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4662"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3244-1:12088", "DEBIAN:DLA-3245-1:5D45B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-3524", "DEBIANCVE:CVE-2022-3564", "DEBIANCVE:CVE-2022-3628", "DEBIANCVE:CVE-2022-42895", "DEBIANCVE:CVE-2022-42896", "DEBIANCVE:CVE-2022-4662"]}, {"type": "githubexploit", "idList": ["48A6CF92-30C0-5ABD-894A-38DE0329DA11", "75991DB8-5059-57ED-BB85-3A5F3309F92C", "9080771D-5FCF-52BA-A72B-EC1BD7CF79B7", "BDD6E431-5CC7-5183-A9D8-4870D7DF5670", "BEF9C9DA-D16B-58C7-AD6A-7A645E871F56", "CE3B1D33-B4CA-596B-88B1-7DAA7FF99D30"]}, {"type": "mageia", "idList": ["MGASA-2022-0442", "MGASA-2022-0443"]}, {"type": "nessus", "idList": ["AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2022-1888.NASL", "AL2_ALAS-2022-1903.NASL", "AL2_ALASKERNEL-5_10-2022-023.NASL", "AL2_ALASKERNEL-5_15-2022-011.NASL", "AL2_ALASKERNEL-5_4-2022-039.NASL", "ALA_ALAS-2022-1645.NASL", "ALA_ALAS-2023-1707.NASL", "ALMA_LINUX_ALSA-2023-0951.NASL", "ALMA_LINUX_ALSA-2023-0979.NASL", "ALMA_LINUX_ALSA-2023-1008.NASL", "ALMA_LINUX_ALSA-2023-2148.NASL", "ALMA_LINUX_ALSA-2023-2458.NASL", "DEBIAN_DLA-3244.NASL", "DEBIAN_DLA-3245.NASL", "EULEROS_SA-2022-2796.NASL", "EULEROS_SA-2023-1012.NASL", "EULEROS_SA-2023-1037.NASL", "EULEROS_SA-2023-1102.NASL", "EULEROS_SA-2023-1126.NASL", "EULEROS_SA-2023-1360.NASL", "EULEROS_SA-2023-1388.NASL", "EULEROS_SA-2023-1444.NASL", "EULEROS_SA-2023-1469.NASL", "EULEROS_SA-2023-1507.NASL", "EULEROS_SA-2023-1526.NASL", "EULEROS_SA-2023-1551.NASL", "EULEROS_SA-2023-1614.NASL", "EULEROS_SA-2023-1637.NASL", "EULEROS_SA-2023-1671.NASL", "EULEROS_SA-2023-1695.NASL", "EULEROS_SA-2023-1759.NASL", "EULEROS_SA-2023-1781.NASL", "EULEROS_SA-2023-1902.NASL", "EULEROS_SA-2023-1933.NASL", "MARINER_KERNEL_CVE-2022-4662.NASL", "ORACLELINUX_ELSA-2023-0951.NASL", "ORACLELINUX_ELSA-2023-12008.NASL", "ORACLELINUX_ELSA-2023-12009.NASL", "ORACLELINUX_ELSA-2023-12017.NASL", "ORACLELINUX_ELSA-2023-12018.NASL", "ORACLELINUX_ELSA-2023-12117.NASL", "ORACLELINUX_ELSA-2023-12118.NASL", "ORACLELINUX_ELSA-2023-12119.NASL", "ORACLELINUX_ELSA-2023-12121.NASL", "ORACLELINUX_ELSA-2023-2458.NASL", "REDHAT-RHSA-2023-0856.NASL", "REDHAT-RHSA-2023-0858.NASL", "REDHAT-RHSA-2023-0951.NASL", "REDHAT-RHSA-2023-0979.NASL", "REDHAT-RHSA-2023-1008.NASL", "REDHAT-RHSA-2023-1202.NASL", "REDHAT-RHSA-2023-1203.NASL", "REDHAT-RHSA-2023-1220.NASL", "REDHAT-RHSA-2023-1221.NASL", "REDHAT-RHSA-2023-1251.NASL", "REDHAT-RHSA-2023-1435.NASL", "REDHAT-RHSA-2023-1559.NASL", "REDHAT-RHSA-2023-1560.NASL", "REDHAT-RHSA-2023-1666.NASL", "REDHAT-RHSA-2023-2148.NASL", "REDHAT-RHSA-2023-2458.NASL", "REDHAT-RHSA-2023-2736.NASL", "REDHAT-RHSA-2023-2951.NASL", "ROCKY_LINUX_RLSA-2023-0979.NASL", "SLACKWARE_SSA_2022-333-01.NASL", "SUSE_SU-2022-3897-1.NASL", "SUSE_SU-2022-3929-1.NASL", "SUSE_SU-2022-3930-1.NASL", "SUSE_SU-2022-3998-1.NASL", "SUSE_SU-2022-4053-1.NASL", "SUSE_SU-2022-4072-1.NASL", "SUSE_SU-2022-4272-1.NASL", "SUSE_SU-2022-4273-1.NASL", "SUSE_SU-2022-4503-1.NASL", "SUSE_SU-2022-4504-1.NASL", "SUSE_SU-2022-4505-1.NASL", "SUSE_SU-2022-4561-1.NASL", "SUSE_SU-2022-4566-1.NASL", "SUSE_SU-2022-4573-1.NASL", "SUSE_SU-2022-4574-1.NASL", "SUSE_SU-2022-4585-1.NASL", "SUSE_SU-2022-4589-1.NASL", "SUSE_SU-2022-4611-1.NASL", "SUSE_SU-2022-4613-1.NASL", "SUSE_SU-2022-4614-1.NASL", "SUSE_SU-2022-4615-1.NASL", "SUSE_SU-2022-4616-1.NASL", "SUSE_SU-2022-4617-1.NASL", "SUSE_SU-2023-0145-1.NASL", "SUSE_SU-2023-0146-1.NASL", "SUSE_SU-2023-0147-1.NASL", "SUSE_SU-2023-0148-1.NASL", "SUSE_SU-2023-0149-1.NASL", "SUSE_SU-2023-0152-1.NASL", "SUSE_SU-2023-0406-1.NASL", "SUSE_SU-2023-0407-1.NASL", "SUSE_SU-2023-0410-1.NASL", "SUSE_SU-2023-0420-1.NASL", "SUSE_SU-2023-0519-1.NASL", "SUSE_SU-2023-0522-1.NASL", "SUSE_SU-2023-0525-1.NASL", "SUSE_SU-2023-0528-1.NASL", "SUSE_SU-2023-0547-1.NASL", "SUSE_SU-2023-0552-1.NASL", "SUSE_SU-2023-0553-1.NASL", "SUSE_SU-2023-0560-1.NASL", "SUSE_SU-2023-0562-1.NASL", "SUSE_SU-2023-0578-1.NASL", "SUSE_SU-2023-0618-1.NASL", "SUSE_SU-2023-0634-1.NASL", "SUSE_SU-2023-0637-1.NASL", "UBUNTU_USN-5754-1.NASL", "UBUNTU_USN-5754-2.NASL", "UBUNTU_USN-5755-1.NASL", "UBUNTU_USN-5755-2.NASL", "UBUNTU_USN-5756-1.NASL", "UBUNTU_USN-5756-2.NASL", "UBUNTU_USN-5756-3.NASL", "UBUNTU_USN-5757-1.NASL", "UBUNTU_USN-5757-2.NASL", "UBUNTU_USN-5758-1.NASL", "UBUNTU_USN-5773-1.NASL", "UBUNTU_USN-5774-1.NASL", "UBUNTU_USN-5779-1.NASL", "UBUNTU_USN-5780-1.NASL", "UBUNTU_USN-5783-1.NASL", "UBUNTU_USN-5789-1.NASL", "UBUNTU_USN-5794-1.NASL", "UBUNTU_USN-5802-1.NASL", "UBUNTU_USN-5803-1.NASL", "UBUNTU_USN-5804-1.NASL", "UBUNTU_USN-5804-2.NASL", "UBUNTU_USN-5808-1.NASL", "UBUNTU_USN-5809-1.NASL", "UBUNTU_USN-5813-1.NASL", "UBUNTU_USN-5814-1.NASL", "UBUNTU_USN-5829-1.NASL", "UBUNTU_USN-5830-1.NASL", "UBUNTU_USN-5831-1.NASL", "UBUNTU_USN-5832-1.NASL", "UBUNTU_USN-5850-1.NASL", "UBUNTU_USN-5851-1.NASL", "UBUNTU_USN-5853-1.NASL", "UBUNTU_USN-5858-1.NASL", "UBUNTU_USN-5859-1.NASL", "UBUNTU_USN-5860-1.NASL", "UBUNTU_USN-5861-1.NASL", "UBUNTU_USN-5863-1.NASL", "UBUNTU_USN-5874-1.NASL", "UBUNTU_USN-5875-1.NASL", "UBUNTU_USN-5876-1.NASL", "UBUNTU_USN-5877-1.NASL", "UBUNTU_USN-5878-1.NASL", "UBUNTU_USN-5879-1.NASL", "UBUNTU_USN-5883-1.NASL", "UBUNTU_USN-5884-1.NASL", "UBUNTU_USN-5909-1.NASL", "UBUNTU_USN-5914-1.NASL", "UBUNTU_USN-5918-1.NASL", "UBUNTU_USN-5919-1.NASL", "UBUNTU_USN-5920-1.NASL", "UBUNTU_USN-5925-1.NASL", "UBUNTU_USN-5926-1.NASL", "UBUNTU_USN-5927-1.NASL", "UBUNTU_USN-5975-1.NASL", "UBUNTU_USN-5976-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6007-1.NASL", "UBUNTU_USN-6014-1.NASL", "UBUNTU_USN-6071-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2023-0951", "ELSA-2023-12008", "ELSA-2023-12009", "ELSA-2023-12017", "ELSA-2023-12018", "ELSA-2023-12109", "ELSA-2023-12117", "ELSA-2023-12118", "ELSA-2023-12119", "ELSA-2023-12121", "ELSA-2023-2458"]}, {"type": "osv", "idList": ["OSV:DLA-3244-1", "OSV:DLA-3245-1"]}, {"type": "photon", "idList": ["PHSA-2022-0280", "PHSA-2022-0293", "PHSA-2022-0299", "PHSA-2022-3.0-0488", "PHSA-2022-3.0-0504", "PHSA-2022-4.0-0280", "PHSA-2022-4.0-0293", "PHSA-2022-4.0-0299"]}, {"type": "redhat", "idList": ["RHSA-2023:0856", "RHSA-2023:0858", "RHSA-2023:0951", "RHSA-2023:0979", "RHSA-2023:1008", "RHSA-2023:1202", "RHSA-2023:1203", "RHSA-2023:1220", "RHSA-2023:1221", "RHSA-2023:1251", "RHSA-2023:1392", "RHSA-2023:1393", "RHSA-2023:1435", "RHSA-2023:1559", "RHSA-2023:1560", "RHSA-2023:1666", "RHSA-2023:2148", "RHSA-2023:2458", "RHSA-2023:2951"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-3524", "RH:CVE-2022-3564", "RH:CVE-2022-3628", "RH:CVE-2022-42895", "RH:CVE-2022-42896", "RH:CVE-2022-4662"]}, {"type": "rocky", "idList": ["RLSA-2023:0979", "RXSA-2023:0951"]}, {"type": "slackware", "idList": ["SSA-2022-333-01"]}, {"type": "suse", "idList": ["SUSE-SU-2022:3897-1"]}, {"type": "ubuntu", "idList": ["LSN-0092-1", "USN-5754-1", "USN-5754-2", "USN-5755-1", "USN-5755-2", "USN-5756-1", "USN-5756-2", "USN-5756-3", "USN-5757-1", "USN-5757-2", "USN-5758-1", "USN-5773-1", "USN-5774-1", "USN-5779-1", "USN-5780-1", "USN-5783-1", "USN-5789-1", "USN-5794-1", "USN-5802-1", "USN-5803-1", "USN-5804-1", "USN-5804-2", "USN-5808-1", "USN-5809-1", "USN-5813-1", "USN-5814-1", "USN-5829-1", "USN-5830-1", "USN-5831-1", "USN-5832-1", "USN-5850-1", "USN-5851-1", "USN-5853-1", "USN-5858-1", "USN-5859-1", "USN-5860-1", "USN-5861-1", "USN-5863-1", "USN-5874-1", "USN-5875-1", "USN-5876-1", "USN-5877-1", "USN-5878-1", "USN-5879-1", "USN-5883-1", "USN-5884-1", "USN-5909-1", "USN-5914-1", "USN-5918-1", "USN-5919-1", "USN-5920-1", "USN-5924-1", "USN-5925-1", "USN-5926-1", "USN-5927-1", "USN-5975-1", "USN-5976-1", "USN-6001-1", "USN-6007-1", "USN-6013-1", "USN-6014-1", "USN-6071-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-3524", "UB:CVE-2022-3564", "UB:CVE-2022-3628", "UB:CVE-2022-42895", "UB:CVE-2022-42896", "UB:CVE-2022-4662"]}, {"type": "veracode", "idList": ["VERACODE:38352", "VERACODE:38358", "VERACODE:38886", "VERACODE:39206", "VERACODE:39208"]}, {"type": "virtuozzo", "idList": ["VZA-2023-004", "VZA-2023-007"]}]}, "epss": [{"cve": "CVE-2022-3524", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-3564", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-3628", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-42895", "epss": 0.00052, "percentile": 0.1857, "modified": "2023-05-02"}, {"cve": "CVE-2022-42896", "epss": 0.00112, "percentile": 0.43079, "modified": "2023-05-02"}, {"cve": "CVE-2022-4662", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}], "vulnersScore": 8.5}, "_state": {"score": 1684381951, "dependencies": 1684378569, "epss": 0}, "_internal": {"score_hash": "79dee6ac8247358025cd643d4a2202ea"}, "pluginID": "171104", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12109.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171104);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/07\");\n\n script_cve_id(\n \"CVE-2022-3524\",\n \"CVE-2022-3564\",\n \"CVE-2022-3628\",\n \"CVE-2022-4662\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12109)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2023-12109 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches\n usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12109.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.71.3.el6uek', '4.1.12-124.71.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12109');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.71.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.71.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.71.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.71.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.71.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.71.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.71.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.71.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.71.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.71.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.71.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.71.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-42896", "vendor_cvss2": {"score": 8.3, "vector": "CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2023-02-07T00:00:00", "vulnerabilityPublicationDate": "2022-10-16T00:00:00", "exploitableWith": []}

{"oraclelinux": [{"lastseen": "2023-05-27T15:15:47", "description": "[4.1.12-124.71.3]\n- USB: core: Prevent nested device-reset calls (Alan Stern) [Orabug: 34951641] {CVE-2022-4662}\n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896}\n- Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg) [Orabug: 34833307] \n- ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner) [Orabug: 34190035]\n[4.1.12-124.71.2]\n- scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34970763] \n- check-kabi provides exception on broken symbols (Alok Tiwari) [Orabug: 34742865] \n- KABI validation broken on UEK4 for symbols change (Alok Tiwari) [Orabug: 34742865] \n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) [Orabug: 34719829] {CVE-2022-3564}\n- Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik) [Orabug: 34719829] {CVE-2022-3564}\n[4.1.12-124.71.1]\n- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) [Orabug: 34951662] {CVE-2022-42895} {CVE-2022-42895}\n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) [Orabug: 34951546] {CVE-2022-3628}\n- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719347] {CVE-2022-3524}", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-07T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3524", "CVE-2022-3564", "CVE-2022-3628", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4662"], "modified": "2023-02-07T00:00:00", "id": "ELSA-2023-12109", "href": "http://linux.oracle.com/errata/ELSA-2023-12109.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:54", "description": "[4.14.35-2047.522.3]\n- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303}\n- net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] \n- net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] \n- Revert 'RDS: TCP: Track peer's connection generation number' (Gerd Rausch) [Orabug: 34700111] \n- net/rds: Use the first lane until RDS_EXTHDR_NPATHS arrives (Gerd Rausch) [Orabug: 28720880] \n- net/rds: Kick-start TCP receiver after accept (Gerd Rausch) [Orabug: 34600821] \n- net/rds: rds_tcp_conn_path_shutdown must not discard messages (Gerd Rausch) [Orabug: 34560682] \n- net/rds: Encode cp_index in TCP source port (Gerd Rausch) [Orabug: 34556027]\n[4.14.35-2047.522.2]\n- tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 34961109] \n- vhost-scsi: Fix max number of virtqueues (Mike Christie) [Orabug: 34915131] \n- net/rds: drop rs_transport module reference count on error (Gerd Rausch) [Orabug: 34500808] \n- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (Gulam Mohamed) [Orabug: 34306796] \n- IB/mlx5: Add a signature check to received EQEs and CQEs (Rohit Nair) [Orabug: 34105979] \n- net/rds: rds_tcp_accept_one ought to not discard messages (Gerd Rausch) [Orabug: 34488377] \n- net/rds: No shortcut out of RDS_CONN_ERROR (Gerd Rausch) [Orabug: 34276065] \n- net/rds: Don't force state RDS_CONN_RESETTING (Gerd Rausch) [Orabug: 34276065] \n- net/rds: Preserve essential connection state flags (Gerd Rausch) [Orabug: 34276065]\n[4.14.35-2047.522.1]\n- uek-rpm: ol7: Add enhanced kABI diagnostics (Stephen Brennan) [Orabug: 34879138] \n- uek-rpm: ol7: Add Symtypes files (Stephen Brennan) [Orabug: 34879138] \n- uek-rpm: ol7: Enable creation of Symtypes files (Stephen Brennan) [Orabug: 34879138] \n- uek-rpm: Add kabi tool and documentation (Stephen Brennan) [Orabug: 34879138] \n- xfs: don't reuse busy extents on extent trim (Brian Foster) [Orabug: 34605583] \n- RDMA/ucma: Put a lock around every call to the rdma_cm layer (Jason Gunthorpe) [Orabug: 34106064] \n- LTS version: v4.14.302 (Saeed Mirzamohammadi) \n- net: mvneta: Fix an out of bounds check (Dan Carpenter) \n- ipv6: avoid use-after-free in ip6_fragment() (Eric Dumazet) \n- net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() (Yang Yingliang) \n- ethernet: aeroflex: fix potential skb leak in greth_init_rings() (Zhang Changzhong) \n- tipc: Fix potential OOB in tipc_link_proto_rcv() (YueHaibing) \n- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (Liu Jian) \n- net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (Liu Jian) \n- net: stmmac: fix 'snps,axi-config' node property parsing (Jisheng Zhang) \n- NFC: nci: Bounds check struct nfc_target arrays (Kees Cook) \n- net: mvneta: Prevent out of bounds read in mvneta_config_rss() (Dan Carpenter) \n- net: encx24j600: Fix invalid logic in reading of MISTAT register (Valentina Goncharenko) \n- net: encx24j600: Add parentheses to fix precedence (Valentina Goncharenko) \n- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (Wei Yongjun) \n- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (Wang ShaoBo) \n- igb: Allocate MSI-X vector when testing (Akihiko Odaki) \n- e1000e: Fix TX dispatch condition (Akihiko Odaki) \n- gpio: amd8111: Fix PCI device reference count leak (Xiongfeng Wang) \n- ca8210: Fix crash by zero initializing data (Hauke Mehrtens) \n- ieee802154: cc2520: Fix error return code in cc2520_hw_init() (Ziyang Xuan) \n- HID: core: fix shift-out-of-bounds in hid_report_raw_event (ZhangPeng) \n- HID: hid-lg4ff: Add check for empty lbuf (Anastasia Belova) \n- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) \n- memcg: fix possible use-after-free in memcg_write_event_control() (Tejun Heo) \n- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (Hans Verkuil) \n- xen/netback: do some code cleanup (Juergen Gross) \n- net: usb: qmi_wwan: add u-blox 0x1342 composition (Davide Tronchin) \n- regulator: twl6030: fix get status of twl6032 regulators (Andreas Kemnade) \n- ASoC: soc-pcm: Add NULL check in BE reparenting (Srinivasa Rao Mandadapu) \n- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (Kees Cook) \n- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (Johan Jonker) \n- ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation (Giulio Benetti) \n- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (Tomislav Novak) \n- ARM: dts: rockchip: fix ir-receiver node names (Johan Jonker) \n- arm: dts: rockchip: fix node name for hym8563 rtc (Sebastian Reichel) \n- LTS version: v4.14.301 (Saeed Mirzamohammadi) \n- ipc/sem: Fix dangling sem_array access in semtimedop race (Jann Horn) \n- v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails (Linus Torvalds) \n- mmc: sdhci: Fix voltage switch delay (Adrian Hunter) \n- mmc: sdhci: use FIELD_GET for preset value bit masks (Masahiro Yamada) \n- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (Michael Kelley) \n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896}\n- x86/pm: Add enumeration check before spec MSRs save/restore setup (Saeed Mirzamohammadi) \n- nvme: restrict management ioctls to admin (Keith Busch) \n- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719346] {CVE-2022-3524}\n- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (Xiongfeng Wang) \n- pinctrl: single: Fix potential division by zero (Maxim Korotkov) \n- ASoC: ops: Fix bounds check for _sx controls (Mark Brown) \n- efi: random: Properly limit the size of the random seed (Ben Hutchings) \n- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (ZhangPeng) \n- tools/vm/slabinfo-gnuplot: use 'grep -E' instead of 'egrep' (Tiezhu Yang) \n- btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (ChenXiaoSong) \n- perf: Add sample_flags to indicate the PMU-filled sample data (Kan Liang) \n- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (Yang Yingliang) \n- hwmon: (coretemp) Check for null before removing sysfs attrs (Phil Auld) \n- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (Yoshihiro Shimoda) \n- packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE (Willem de Bruijn) \n- net: hsr: Fix potential use-after-free (YueHaibing) \n- dsa: lan9303: Correct stat name (Jerry Ray) \n- net/9p: Fix a potential socket leak in p9_socket_open (Wang Hai) \n- net: net_netdev: Fix error handling in ntb_netdev_init_module() (Yuan Can) \n- net: phy: fix null-ptr-deref while probe() failed (Yang Yingliang) \n- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (Duoming Zhou) \n- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (Zhang Changzhong) \n- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (Zhang Changzhong) \n- net/mlx5: Fix uninitialized variable bug in outlen_write() (YueHaibing) \n- of: property: decrement node refcount in of_fwnode_get_reference_args() (Yang Yingliang) \n- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (Gaosheng Cui) \n- hwmon: (i5500_temp) fix missing pci_disable_device() (Yang Yingliang) \n- iio: light: rpr0521: add missing Kconfig dependencies (Paul Gazzillo) \n- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (Wei Yongjun) \n- iio: health: afe4403: Fix oob read in afe4403_read_raw (Wei Yongjun) \n- drm/amdgpu: always register an MMU notifier for userptr (Christian Konig) \n- net: usb: qmi_wwan: add Telit 0x103a composition (Enrico Sau) \n- tcp: configurable source port perturb table size (Gleb Mazovetskiy) \n- platform/x86: hp-wmi: Ignore Smart Experience App event (Kai-Heng Feng) \n- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (Hans de Goede) \n- platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (Xiongfeng Wang) \n- xen/platform-pci: add missing free_irq() in error path (ruanjinjie) \n- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (Lukas Wunner) \n- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (Aman Dhoot) \n- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (Chen Zhongjin) \n- kconfig: display recursive dependency resolution hint just once (Masahiro Yamada) \n- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (Chen Zhongjin) \n- iio: light: apds9960: fix wrong register for gesture gain (Alejandro Concepcion Rodriguez) \n- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (Jakob Unterwurzacher) \n- nios2: add FORCE for vmlinuz.gz (Randy Dunlap) \n- s390/crashdump: fix TOD programmable field size (Heiko Carstens) \n- net: thunderx: Fix the ACPI memory leak (Yu Liao) \n- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (Martin Faltesek) \n- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- s390/dasd: fix no record found for raw_track_access (Stefan Haberland) \n- dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). (Kuniyuki Iwashima) \n- NFC: nci: fix memory leak in nci_rx_data_packet() (Liu Shixin) \n- xfrm: Fix ignored return value in xfrm6_init() (Chen Zhongjin) \n- net/qla3xxx: fix potential memleak in ql3xxx_send() (Zhang Changzhong) \n- net/mlx4: Check retval of mlx4_bitmap_init (Peter Kosyh) \n- ARM: mxs: fix memory leak in mxs_machine_init() (Zheng Yongjun) \n- 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (Zhengchao Shao) \n- net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() (Wang Hai) \n- nfc/nci: fix race with opening and closing (Lin Ma) \n- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (Michael Grzeschik) \n- bus: sunxi-rsb: Support atomic transfers (Samuel Holland) \n- ARM: dts: am335x-pcm-953: Define fixed regulators in root node (Dominik Haller) \n- af_key: Fix send_acquire race with pfkey_register (Herbert Xu) \n- MIPS: pic32: treat port as signed integer (Jason A. Donenfeld) \n- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (Sean Nyekjaer) \n- wifi: mac80211: Fix ack frame idr leak when mesh has no route (Nicolas Cavallari) \n- audit: fix undefined behavior in bit shift for AUDIT_BIT (Gaosheng Cui) \n- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (Jonas Jelonek) \n- LTS version: v4.14.300 (Saeed Mirzamohammadi) \n- ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) \n- ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) \n- ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) \n- mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) \n- 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) \n- gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) \n- gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) \n- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) \n- kcm: close race conditions on sk_receive_queue (Cong Wang) \n- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) \n- kcm: avoid potential race in kcm_tx_work (Eric Dumazet) \n- tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) \n- macvlan: enforce a consistent minimal mtu (Eric Dumazet) \n- serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) \n- nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) \n- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) \n- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) \n- mmc: core: properly select voltage range without power cycle (Yann Gautier) \n- serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) \n- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) \n- dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) \n- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) \n- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) \n- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) \n- usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) \n- usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) \n- USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) \n- USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) \n- USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) \n- USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) \n- USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) \n- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) \n- ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) \n- ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) \n- ftrace: Optimize the allocation for mcount entries (Wang Wensheng) \n- ftrace: Fix the possible incorrect kernel message (Wang Wensheng) \n- cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) \n- net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) \n- drbd: use after free in drbd_create_device() (Dan Carpenter) \n- xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) \n- net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) \n- mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) \n- mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) \n- net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) \n- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) \n- parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) \n- block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) \n- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) \n- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) \n- serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) \n- serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) \n- ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) \n- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) \n- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) \n- selftests/futex: fix build for clang (Ricardo Canuelo) \n- x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) \n- dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) \n- cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) \n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) \n- btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) \n- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) \n- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) \n- nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) \n- ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) \n- ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) \n- arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) \n- net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) \n- net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) \n- ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) \n- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) \n- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) \n- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) \n- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) \n- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) \n- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) \n- hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) \n- net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) \n- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) \n- net: fman: Unregister ethernet device on removal (Sean Anderson) \n- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) \n- net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) \n- HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) \n- LTS version: v4.14.299 (Saeed Mirzamohammadi) \n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) \n- linux/const.h: move UL() macro to include/linux/const.h (Masahiro Yamada) \n- linux/const.h: prefix include guard of uapi/linux/const.h with _UAPI (Masahiro Yamada) \n- KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) \n- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) \n- KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) \n- KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) \n- ext4: fix warning in 'ext4_da_release_space' (Ye Bin) \n- parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) \n- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) \n- efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) \n- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) \n- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) \n- tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) \n- btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) \n- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) \n- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895}\n- i2c: xiic: Add platform module alias (Martin Tuma) \n- media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) \n- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) \n- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) \n- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) \n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) \n- btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) \n- isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) \n- mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) \n- rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) \n- ipvs: use explicitly signed chars (Jason A. Donenfeld) \n- net: sched: Fix use after free in red_enqueue() (Dan Carpenter) \n- ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) \n- net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) \n- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) \n- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) \n- net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) \n- nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) \n- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) \n- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-13T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3303", "CVE-2022-3524", "CVE-2022-3640", "CVE-2022-42895", "CVE-2022-42896"], "modified": "2023-02-13T00:00:00", "id": "ELSA-2023-12117", "href": "http://linux.oracle.com/errata/ELSA-2023-12117.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:51", "description": "[4.14.35-2047.522.3]\n- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303}\n- net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] \n- net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] \n- Revert 'RDS: TCP: Track peer's connection generation number' (Gerd Rausch) [Orabug: 34700111] \n- net/rds: Use the first lane until RDS_EXTHDR_NPATHS arrives (Gerd Rausch) [Orabug: 28720880] \n- net/rds: Kick-start TCP receiver after accept (Gerd Rausch) [Orabug: 34600821] \n- net/rds: rds_tcp_conn_path_shutdown must not discard messages (Gerd Rausch) [Orabug: 34560682] \n- net/rds: Encode cp_index in TCP source port (Gerd Rausch) [Orabug: 34556027]\n[4.14.35-2047.522.2]\n- tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 34961109] \n- vhost-scsi: Fix max number of virtqueues (Mike Christie) [Orabug: 34915131] \n- net/rds: drop rs_transport module reference count on error (Gerd Rausch) [Orabug: 34500808] \n- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (Gulam Mohamed) [Orabug: 34306796] \n- IB/mlx5: Add a signature check to received EQEs and CQEs (Rohit Nair) [Orabug: 34105979] \n- net/rds: rds_tcp_accept_one ought to not discard messages (Gerd Rausch) [Orabug: 34488377] \n- net/rds: No shortcut out of RDS_CONN_ERROR (Gerd Rausch) [Orabug: 34276065] \n- net/rds: Don't force state RDS_CONN_RESETTING (Gerd Rausch) [Orabug: 34276065] \n- net/rds: Preserve essential connection state flags (Gerd Rausch) [Orabug: 34276065]\n[4.14.35-2047.522.1]\n- uek-rpm: ol7: Add enhanced kABI diagnostics (Stephen Brennan) [Orabug: 34879138] \n- uek-rpm: ol7: Add Symtypes files (Stephen Brennan) [Orabug: 34879138] \n- uek-rpm: ol7: Enable creation of Symtypes files (Stephen Brennan) [Orabug: 34879138] \n- uek-rpm: Add kabi tool and documentation (Stephen Brennan) [Orabug: 34879138] \n- xfs: don't reuse busy extents on extent trim (Brian Foster) [Orabug: 34605583] \n- RDMA/ucma: Put a lock around every call to the rdma_cm layer (Jason Gunthorpe) [Orabug: 34106064] \n- LTS version: v4.14.302 (Saeed Mirzamohammadi) \n- net: mvneta: Fix an out of bounds check (Dan Carpenter) \n- ipv6: avoid use-after-free in ip6_fragment() (Eric Dumazet) \n- net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() (Yang Yingliang) \n- ethernet: aeroflex: fix potential skb leak in greth_init_rings() (Zhang Changzhong) \n- tipc: Fix potential OOB in tipc_link_proto_rcv() (YueHaibing) \n- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (Liu Jian) \n- net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (Liu Jian) \n- net: stmmac: fix 'snps,axi-config' node property parsing (Jisheng Zhang) \n- NFC: nci: Bounds check struct nfc_target arrays (Kees Cook) \n- net: mvneta: Prevent out of bounds read in mvneta_config_rss() (Dan Carpenter) \n- net: encx24j600: Fix invalid logic in reading of MISTAT register (Valentina Goncharenko) \n- net: encx24j600: Add parentheses to fix precedence (Valentina Goncharenko) \n- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (Wei Yongjun) \n- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (Wang ShaoBo) \n- igb: Allocate MSI-X vector when testing (Akihiko Odaki) \n- e1000e: Fix TX dispatch condition (Akihiko Odaki) \n- gpio: amd8111: Fix PCI device reference count leak (Xiongfeng Wang) \n- ca8210: Fix crash by zero initializing data (Hauke Mehrtens) \n- ieee802154: cc2520: Fix error return code in cc2520_hw_init() (Ziyang Xuan) \n- HID: core: fix shift-out-of-bounds in hid_report_raw_event (ZhangPeng) \n- HID: hid-lg4ff: Add check for empty lbuf (Anastasia Belova) \n- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) \n- memcg: fix possible use-after-free in memcg_write_event_control() (Tejun Heo) \n- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (Hans Verkuil) \n- xen/netback: do some code cleanup (Juergen Gross) \n- net: usb: qmi_wwan: add u-blox 0x1342 composition (Davide Tronchin) \n- regulator: twl6030: fix get status of twl6032 regulators (Andreas Kemnade) \n- ASoC: soc-pcm: Add NULL check in BE reparenting (Srinivasa Rao Mandadapu) \n- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (Kees Cook) \n- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (Johan Jonker) \n- ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation (Giulio Benetti) \n- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (Tomislav Novak) \n- ARM: dts: rockchip: fix ir-receiver node names (Johan Jonker) \n- arm: dts: rockchip: fix node name for hym8563 rtc (Sebastian Reichel) \n- LTS version: v4.14.301 (Saeed Mirzamohammadi) \n- ipc/sem: Fix dangling sem_array access in semtimedop race (Jann Horn) \n- v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails (Linus Torvalds) \n- mmc: sdhci: Fix voltage switch delay (Adrian Hunter) \n- mmc: sdhci: use FIELD_GET for preset value bit masks (Masahiro Yamada) \n- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (Michael Kelley) \n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896}\n- x86/pm: Add enumeration check before spec MSRs save/restore setup (Saeed Mirzamohammadi) \n- nvme: restrict management ioctls to admin (Keith Busch) \n- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719346] {CVE-2022-3524}\n- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (Xiongfeng Wang) \n- pinctrl: single: Fix potential division by zero (Maxim Korotkov) \n- ASoC: ops: Fix bounds check for _sx controls (Mark Brown) \n- efi: random: Properly limit the size of the random seed (Ben Hutchings) \n- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (ZhangPeng) \n- tools/vm/slabinfo-gnuplot: use 'grep -E' instead of 'egrep' (Tiezhu Yang) \n- btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (ChenXiaoSong) \n- perf: Add sample_flags to indicate the PMU-filled sample data (Kan Liang) \n- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (Yang Yingliang) \n- hwmon: (coretemp) Check for null before removing sysfs attrs (Phil Auld) \n- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (Yoshihiro Shimoda) \n- packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE (Willem de Bruijn) \n- net: hsr: Fix potential use-after-free (YueHaibing) \n- dsa: lan9303: Correct stat name (Jerry Ray) \n- net/9p: Fix a potential socket leak in p9_socket_open (Wang Hai) \n- net: net_netdev: Fix error handling in ntb_netdev_init_module() (Yuan Can) \n- net: phy: fix null-ptr-deref while probe() failed (Yang Yingliang) \n- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (Duoming Zhou) \n- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (Zhang Changzhong) \n- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (Zhang Changzhong) \n- net/mlx5: Fix uninitialized variable bug in outlen_write() (YueHaibing) \n- of: property: decrement node refcount in of_fwnode_get_reference_args() (Yang Yingliang) \n- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (Gaosheng Cui) \n- hwmon: (i5500_temp) fix missing pci_disable_device() (Yang Yingliang) \n- iio: light: rpr0521: add missing Kconfig dependencies (Paul Gazzillo) \n- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (Wei Yongjun) \n- iio: health: afe4403: Fix oob read in afe4403_read_raw (Wei Yongjun) \n- drm/amdgpu: always register an MMU notifier for userptr (Christian Konig) \n- net: usb: qmi_wwan: add Telit 0x103a composition (Enrico Sau) \n- tcp: configurable source port perturb table size (Gleb Mazovetskiy) \n- platform/x86: hp-wmi: Ignore Smart Experience App event (Kai-Heng Feng) \n- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (Hans de Goede) \n- platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (Xiongfeng Wang) \n- xen/platform-pci: add missing free_irq() in error path (ruanjinjie) \n- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (Lukas Wunner) \n- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (Aman Dhoot) \n- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (Chen Zhongjin) \n- kconfig: display recursive dependency resolution hint just once (Masahiro Yamada) \n- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (Chen Zhongjin) \n- iio: light: apds9960: fix wrong register for gesture gain (Alejandro Concepcion Rodriguez) \n- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (Jakob Unterwurzacher) \n- nios2: add FORCE for vmlinuz.gz (Randy Dunlap) \n- s390/crashdump: fix TOD programmable field size (Heiko Carstens) \n- net: thunderx: Fix the ACPI memory leak (Yu Liao) \n- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (Martin Faltesek) \n- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- s390/dasd: fix no record found for raw_track_access (Stefan Haberland) \n- dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). (Kuniyuki Iwashima) \n- NFC: nci: fix memory leak in nci_rx_data_packet() (Liu Shixin) \n- xfrm: Fix ignored return value in xfrm6_init() (Chen Zhongjin) \n- net/qla3xxx: fix potential memleak in ql3xxx_send() (Zhang Changzhong) \n- net/mlx4: Check retval of mlx4_bitmap_init (Peter Kosyh) \n- ARM: mxs: fix memory leak in mxs_machine_init() (Zheng Yongjun) \n- 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (Zhengchao Shao) \n- net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() (Wang Hai) \n- nfc/nci: fix race with opening and closing (Lin Ma) \n- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (Michael Grzeschik) \n- bus: sunxi-rsb: Support atomic transfers (Samuel Holland) \n- ARM: dts: am335x-pcm-953: Define fixed regulators in root node (Dominik Haller) \n- af_key: Fix send_acquire race with pfkey_register (Herbert Xu) \n- MIPS: pic32: treat port as signed integer (Jason A. Donenfeld) \n- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (Sean Nyekjaer) \n- wifi: mac80211: Fix ack frame idr leak when mesh has no route (Nicolas Cavallari) \n- audit: fix undefined behavior in bit shift for AUDIT_BIT (Gaosheng Cui) \n- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (Jonas Jelonek) \n- LTS version: v4.14.300 (Saeed Mirzamohammadi) \n- ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) \n- ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) \n- ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) \n- mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) \n- 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) \n- gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) \n- gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) \n- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) \n- kcm: close race conditions on sk_receive_queue (Cong Wang) \n- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) \n- kcm: avoid potential race in kcm_tx_work (Eric Dumazet) \n- tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) \n- macvlan: enforce a consistent minimal mtu (Eric Dumazet) \n- serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) \n- nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) \n- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) \n- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) \n- mmc: core: properly select voltage range without power cycle (Yann Gautier) \n- serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) \n- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) \n- dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) \n- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) \n- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) \n- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) \n- usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) \n- usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) \n- USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) \n- USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) \n- USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) \n- USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) \n- USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) \n- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) \n- ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) \n- ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) \n- ftrace: Optimize the allocation for mcount entries (Wang Wensheng) \n- ftrace: Fix the possible incorrect kernel message (Wang Wensheng) \n- cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) \n- net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) \n- drbd: use after free in drbd_create_device() (Dan Carpenter) \n- xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) \n- net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) \n- mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) \n- mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) \n- net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) \n- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) \n- parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) \n- block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) \n- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) \n- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) \n- serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) \n- serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) \n- ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) \n- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) \n- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) \n- selftests/futex: fix build for clang (Ricardo Canuelo) \n- x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) \n- dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) \n- cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) \n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) \n- btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) \n- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) \n- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) \n- nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) \n- ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) \n- ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) \n- arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) \n- net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) \n- net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) \n- ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) \n- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) \n- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) \n- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) \n- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) \n- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) \n- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) \n- hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) \n- net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) \n- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) \n- net: fman: Unregister ethernet device on removal (Sean Anderson) \n- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) \n- net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) \n- HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) \n- LTS version: v4.14.299 (Saeed Mirzamohammadi) \n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) \n- linux/const.h: move UL() macro to include/linux/const.h (Masahiro Yamada) \n- linux/const.h: prefix include guard of uapi/linux/const.h with _UAPI (Masahiro Yamada) \n- KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) \n- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) \n- KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) \n- KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) \n- ext4: fix warning in 'ext4_da_release_space' (Ye Bin) \n- parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) \n- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) \n- efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) \n- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) \n- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) \n- tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) \n- btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) \n- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) \n- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895}\n- i2c: xiic: Add platform module alias (Martin Tuma) \n- media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) \n- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) \n- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) \n- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) \n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) \n- btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) \n- isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) \n- mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) \n- rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) \n- ipvs: use explicitly signed chars (Jason A. Donenfeld) \n- net: sched: Fix use after free in red_enqueue() (Dan Carpenter) \n- ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) \n- net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) \n- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) \n- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) \n- net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) \n- nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) \n- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) \n- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3303", "CVE-2022-3524", "CVE-2022-3640", "CVE-2022-42895", "CVE-2022-42896"], "modified": "2023-02-14T00:00:00", "id": "ELSA-2023-12118", "href": "http://linux.oracle.com/errata/ELSA-2023-12118.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:52", "description": "[5.15.0-6.80.3.1]\n- Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359]\n[5.15.0-6.80.3]\n- net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] \n- rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] \n- uek-rpm: Add ptp_kvm.ko to core rpm (Somasundaram Krishnasamy) [Orabug: 34901414] \n- Revert 'tracing/ring-buffer: Have polling block on watermark' (Harshit Mogalapalli) [Orabug: 34890999]\n[5.15.0-6.80.2]\n- scsi: mpi3mr: Remove unnecessary cast (Jules Irenge) [Orabug: 34640445] \n- scsi: mpi3mr: Update driver version to 8.2.0.3.0 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix scheduling while atomic type bug (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Scan the devices during resume time (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Free enclosure objects during driver unload (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Handle 0xF003 Fault Code (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Graceful handling of surprise removal of PCIe HBA (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Support new power management framework (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update mpi3 header files (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix error code in mpi3mr_transport_smp_handler() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Fix error codes in mpi3mr_report_manufacture() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Block I/Os while refreshing target dev objects (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Refresh SAS ports during soft reset (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Support SAS transport class callbacks (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add framework to issue MPT transport cmds (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add SAS SATA end devices to STL (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Get target object based on rphy (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add expander devices to STL (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Enable STL on HBAs where multipath is disabled (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add helper functions to manage device's port (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add helper functions to retrieve device objects (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add framework to add phys to STL (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Enable Enclosure device add event (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add helper functions to retrieve config pages (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add framework to issue config requests (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add config and transport related debug flags (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Delete a stray tab (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Unlock on error path (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Reduce VD queue depth on detecting throttling (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Resource Based Metering (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Enable shared host tagset (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix kernel-doc (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add target device related sysfs (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add shost related sysfs attributes (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Return error if dma_alloc_coherent() fails (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Fix a NULL vs IS_ERR() bug in mpi3mr_bsg_init() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Return I/Os to an unrecoverable HBA with DID_ERROR (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Hidden drives not removed during soft reset (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Increase I/O timeout value to 60s (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update driver version to 8.0.0.69.0 (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for NVMe passthrough (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Expose adapter state to sysfs (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for PEL commands (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for MPT commands (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Move data structures/definitions from MPI headers to uapi header (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for driver commands (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add bsg device support (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Bump driver version to 8.0.0.68.0 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update the copyright year (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix cmnd getting marked as in use forever (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix hibernation issue (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix printing of pending I/O count (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix deadlock while canceling the fw event (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix formatting problems in some kernel-doc comments (Yang Li) [Orabug: 34640445] \n- scsi: mpi3mr: Fix some spelling mistakes (Colin Ian King) [Orabug: 34640445] \n- scsi: mpi3mr: Bump driver version to 8.0.0.61.0 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Enhanced Task Management Support Reply handling (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Use TM response codes from MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add io_uring interface support in I/O-polled mode (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Print cable mngnt and temp threshold events (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Support Prepare for Reset event (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add Event acknowledgment logic (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Gracefully handle online FW update operation (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Detect async reset that occurred in firmware (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add IOC reinit function (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Handle offline FW activation in graceful manner (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Code refactor of IOC init - part2 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Code refactor of IOC init - part1 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fault IOC when internal command gets timeout (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Display IOC firmware package version (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Handle unaligned PLL in unmap cmnds (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Increase internal cmnds timeout to 60s (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Do access status validation before adding devices (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for PCIe Managed Switch SES device (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update MPI3 headers - part2 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update MPI3 headers - part1 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Don't reset IOC if cmnds flush with reset status (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add debug APIs based on logging_level bits (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Use scnprintf() instead of snprintf() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Clean up mpi3mr_print_ioc_info() (Dan Carpenter) [Orabug: 34640445] \n- rds: ib: Remove unnecessary call to rds_ib_ring_unalloc (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Remove unnecessary i_flowctl term from conditions (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Remove unnesesarry variable initialization (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Make sure receives are posted before connection is up (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Fix the Retry counter dependency on RNR NAK Retry counter (Hakon Bugge) [Orabug: 34768825] \n- rds: Deduct one credit on the passive side (Hakon Bugge) [Orabug: 34768825] \n- rds: Use all eight bits for credit updates (Hakon Bugge) [Orabug: 34768825] \n- RDS/IB: Fix the misplaced counter update rdma dto path (Devesh Sharma) [Orabug: 34865847] \n- uek-rpm: Enable CONFIG_HP_ILO for aarch64 (Saeed Mirzamohammadi) [Orabug: 34869880] \n- uek-rpm: ol8: Choose right annobin plugin for UEK build (Somasundaram Krishnasamy) [Orabug: 34873882] \n- proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378}\n- proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378}\n[5.15.0-6.80.1]\n- LTS version: v5.15.80 (Jack Vogel) \n- ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) \n- ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) \n- ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) \n- net/9p: use a dedicated spinlock for trans_fd (Dominique Martinet) \n- mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) \n- wifi: wext: use flex array destination for memcpy() (Hawkins Jiawei) \n- 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) \n- gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) \n- gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) \n- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) \n- kcm: close race conditions on sk_receive_queue (Cong Wang) \n- kcm: avoid potential race in kcm_tx_work (Eric Dumazet) \n- tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) \n- macvlan: enforce a consistent minimal mtu (Eric Dumazet) \n- Input: i8042 - fix leaking of platform device on module removal (Chen Jun) \n- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Li Huafei) \n- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (Yuan Can) \n- scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (Yang Yingliang) \n- net: use struct_group to copy ip/ipv6 header addresses (Hangbin Liu) \n- tracing: Fix warning on variable 'struct trace_array' (Aashish Sharma) \n- ring-buffer: Include dropped pages in counting dirty patches (Steven Rostedt (Google)) \n- perf: Improve missing SIGTRAP checking (Marco Elver) \n- serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake (Ilpo Jarvinen) \n- nvme: ensure subsystem reset is single threaded (Keith Busch) \n- nvme: restrict management ioctls to admin (Keith Busch) \n- perf/x86/intel/pt: Fix sampling using single range output (Adrian Hunter) \n- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) \n- docs: update mediator contact information in CoC doc (Shuah Khan) \n- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) \n- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (Chevron Li) \n- mmc: core: properly select voltage range without power cycle (Yann Gautier) \n- firmware: coreboot: Register bus in module init (Brian Norris) \n- iommu/vt-d: Set SRE bit only when hardware has SRS cap (Tina Zhang) \n- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (Tina Zhang) \n- scsi: zfcp: Fix double free of FSF request when qdio send fails (Benjamin Block) \n- net: phy: marvell: add sleep time after enabling the loopback bit (Aminuddin Jamaluddin) \n- maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() (Alban Crequy) \n- Input: iforce - invert valid length check when fetching device IDs (Tetsuo Handa) \n- serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) \n- serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) \n- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) \n- dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) \n- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) \n- iio: adc: mp2629: fix potential array out of bound access (Saravanan Sekar) \n- iio: adc: mp2629: fix wrong comparison of channel (Saravanan Sekar) \n- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) \n- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) \n- usb: typec: mux: Enter safe mode only when pins need to be reconfigured (Rajat Khandelwal) \n- usb: cdns3: host: fix endless superspeed hub port reset (Li Jun) \n- usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) \n- usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) \n- USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) \n- USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) \n- USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) \n- USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) \n- USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) \n- USB: bcma: Make GPIO explicitly optional (Linus Walleij) \n- speakup: fix a segfault caused by switching consoles (Mushahid Hussain) \n- slimbus: stream: correct presence rate frequencies (Krzysztof Kozlowski) \n- slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m (Zheng Bin) \n- Revert 'usb: dwc3: disable USB core PHY management' (Johan Hovold) \n- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Takashi Iwai) \n- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (Emil Flink) \n- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) \n- drm/amd/display: Add HUBP surface flip interrupt handler (Rodrigo Siqueira) \n- tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (Shang XiaoJing) \n- tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (Shang XiaoJing) \n- tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google)) \n- tracing: Fix wild-memory-access in register_synth_event() (Shang XiaoJing) \n- tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (Shang XiaoJing) \n- tracing/ring-buffer: Have polling block on watermark (Steven Rostedt (Google)) \n- tracing: Fix memory leak in tracing_read_pipe() (Wang Yufen) \n- ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) \n- ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) \n- ftrace: Optimize the allocation for mcount entries (Wang Wensheng) \n- ftrace: Fix the possible incorrect kernel message (Wang Wensheng) \n- cifs: add check for returning value of SMB2_set_info_init (Anastasia Belova) \n- net: thunderbolt: Fix error handling in tbnet_init() (Yuan Can) \n- net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() (Shang XiaoJing) \n- cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) \n- net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) \n- net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() (Liu Jian) \n- cifs: add check for returning value of SMB2_close_init (Anastasia Belova) \n- platform/surface: aggregator: Do not check for repeated unsequenced packets (Maximilian Luz) \n- platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (Roger Pau Monne) \n- drbd: use after free in drbd_create_device() (Dan Carpenter) \n- bridge: switchdev: Fix memory leaks when changing VLAN protocol (Ido Schimmel) \n- net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process (Guangbin Huang) \n- net: ena: Fix error handling in ena_init() (Yuan Can) \n- net: ionic: Fix error handling in ionic_init_module() (Yuan Can) \n- xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) \n- net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims (Vladimir Oltean) \n- net: mhi: Fix memory leak in mhi_net_dellink() (Wei Yongjun) \n- bnxt_en: Remove debugfs when pci_register_driver failed (Gaosheng Cui) \n- net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) \n- net: macvlan: Use built-in RCU list checking (Chuang Wang) \n- mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) \n- net: liquidio: release resources when liquidio driver open failed (Zhengchao Shao) \n- soc: imx8m: Enable OCOTP clock before reading the register (Xiaolei Wang) \n- net: stmmac: ensure tx function is not running in stmmac_xdp_release() (Mohd Faizal Abdul Rahim) \n- net: hinic: Fix error handling in hinic_module_init() (Yuan Can) \n- mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) \n- net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) \n- bpf: Initialize same number of free nodes for each pcpu_freelist (Xu Kuohai) \n- MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed (Liao Chang) \n- MIPS: fix duplicate definitions for exported symbols (Rongwei Zhang) \n- nfp: change eeprom length to max length enumerators (Jaco Coetzee) \n- ata: libata-transport: fix error handling in ata_tdev_add() (Yang Yingliang) \n- ata: libata-transport: fix error handling in ata_tlink_add() (Yang Yingliang) \n- ata: libata-transport: fix error handling in ata_tport_add() (Yang Yingliang) \n- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (Yang Yingliang) \n- arm64: dts: imx8mn: Fix NAND controller size-cells (Marek Vasut) \n- arm64: dts: imx8mm: Fix NAND controller size-cells (Marek Vasut) \n- ARM: dts: imx7: Fix NAND controller size-cells (Marek Vasut) \n- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (Shang XiaoJing) \n- drm/drv: Fix potential memory leak in drm_dev_init() (Shang XiaoJing) \n- drm/panel: simple: set bpc field for logic technologies displays (Aishwarya Kothari) \n- drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (Gaosheng Cui) \n- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) \n- parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) \n- siox: fix possible memory leak in siox_device_add() (Yang Yingliang) \n- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (D Scott Phillips) \n- bpf: Fix memory leaks in __check_func_call (Wang Yufen) \n- block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) \n- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (Yang Yingliang) \n- pinctrl: rockchip: list all pins in a possible mux route for PX30 (Quentin Schulz) \n- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) \n- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) \n- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) \n- serial: imx: Add missing .thaw_noirq hook (Shawn Guo) \n- serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) \n- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (Tony Lindgren) \n- serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) \n- serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() (Tony Lindgren) \n- ARM: at91: pm: avoid soft resetting AC DLL (Claudiu Beznea) \n- ASoC: tas2764: Fix set_tdm_slot in case of single slot (Martin Poviser) \n- ASoC: tas2770: Fix set_tdm_slot in case of single slot (Martin Poviser) \n- ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) \n- ARM: dts: at91: sama7g5: fix signal name of pin PB2 (Mihai Sain) \n- spi: stm32: Print summary 'callbacks suppressed' message (Marek Vasut) \n- arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (Douglas Anderson) \n- arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (Douglas Anderson) \n- arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (Douglas Anderson) \n- arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (Douglas Anderson) \n- KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet (Like Xu) \n- spi: intel: Use correct mask for flash and protected regions (Mika Westerberg) \n- mtd: spi-nor: intel-spi: Disable write protection only if asked (Mika Westerberg) \n- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (Colin Ian King) \n- x86/cpu: Add several Intel server CPU model numbers (Tony Luck) \n- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) \n- btrfs: remove pointless and double ulist frees in error paths of qgroup tests (Filipe Manana) \n- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) \n- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (Nam Cao) \n- i2c: tegra: Allocate DMA memory for DMA engine (Thierry Reding) \n- firmware: arm_scmi: Cleanup the core driver removal callback (Cristian Marussi) \n- ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (Mario Limonciello) \n- NFSv4: Retry LOCK on OLD_STATEID during delegation return (Benjamin Coddington) \n- btrfs: raid56: properly handle the error when unable to find the missing stripe (Qu Wenruo) \n- RDMA/efa: Add EFA 0xefa2 PCI ID (Michael Margolin) \n- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (Hans de Goede) \n- drm/amd/display: Remove wrong pipe control lock (Rodrigo Siqueira) \n- ASoC: rt1308-sdw: add the default value of some registers (Shuming Fan) \n- selftests/intel_pstate: fix build for ARCH=x86_64 (Ricardo Canuelo) \n- selftests/futex: fix build for clang (Ricardo Canuelo) \n- ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart) \n- ASoC: codecs: jz4725b: fix capture selector naming (Siarhei Volkau) \n- ASoC: codecs: jz4725b: use right control for Capture Volume (Siarhei Volkau) \n- ASoC: codecs: jz4725b: fix reported volume for Master ctl (Siarhei Volkau) \n- ASoC: codecs: jz4725b: add missed Line In power control bit (Siarhei Volkau) \n- spi: intel: Fix the offset to get the 64K erase opcode (Mauro Lima) \n- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (Xiaolei Wang) \n- ASoC: rt1019: Fix the TDM settings (Derek Fang) \n- ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (Zhang Qilong) \n- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (Zhang Qilong) \n- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (Zhang Qilong) \n- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (Zhang Qilong) \n- LTS version: v5.15.79 (Jack Vogel) \n- x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) \n- net: tun: call napi_schedule_prep() to ensure we own a napi (Eric Dumazet) \n- drm/amdkfd: Migrate in CPU page fault use current mm (Philip Yang) \n- marvell: octeontx2: build error: unknown type name 'u64' (Anders Roxell) \n- dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix concurrency over the active list (Tudor Ambarus) \n- dmaengine: at_hdmac: Free the memset buf without holding the chan lock (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix concurrency over descriptor (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (Tudor Ambarus) \n- dmaengine: at_hdmac: Protect atchan->status with the channel lock (Tudor Ambarus) \n- dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (Tudor Ambarus) \n- dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) \n- cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) \n- can: j1939: j1939_send_one(): fix missing CAN header initialization (Oliver Hartkopp) \n- mm/shmem: use page_mapping() to detect page cache for uffd continue (Peter Xu) \n- mm/memremap.c: map FS_DAX device memory as decrypted (Pankaj Gupta) \n- mm/damon/dbgfs: check if rm_contexts input is for a real context (SeongJae Park) \n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) \n- mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- btrfs: zoned: initialize device's zone info for seeding (Johannes Thumshirn) \n- btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) \n- btrfs: fix match incorrectly in dev_args_match_device (Liu Shixin) \n- wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (Wen Gong) \n- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) \n- drm/amdgpu: disable BACO on special BEIGE_GOBY card (Guchun Chen) \n- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) \n- nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) \n- nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) \n- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (Shin'ichiro Kawasaki) \n- vmlinux.lds.h: Fix placement of '.data..decrypted' section (Nathan Chancellor) \n- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (Jussi Laako) \n- ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) \n- ALSA: usb-audio: Yet more regression for for the delayed card registration (Takashi Iwai) \n- ALSA: hda/realtek: Add Positivo C6300 model quirk (Edson Juliano Drosdeck) \n- ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) \n- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (Xian Wang) \n- ALSA: hda/hdmi - enable runtime pm for more AMD display audio (Evan Quan) \n- mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (Haibo Chen) \n- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (Brian Norris) \n- MIPS: jump_label: Fix compat branch range check (Jiaxun Yang) \n- arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) \n- riscv: fix reserved memory setup (Conor Dooley) \n- riscv: vdso: fix build with llvm (Jisheng Zhang) \n- riscv: process: fix kernel info leakage (Jisheng Zhang) \n- net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) \n- ethernet: tundra: free irq when alloc ring failed in tsi108_open() (Zhengchao Shao) \n- net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) \n- ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) \n- net: atlantic: macsec: clear encryption keys from the stack (Antoine Tenart) \n- net: phy: mscc: macsec: clear encryption keys when freeing a flow (Antoine Tenart) \n- stmmac: dwmac-loongson: fix missing of_node_put() while module exiting (Yang Yingliang) \n- stmmac: dwmac-loongson: fix missing pci_disable_device() in loongson_dwmac_probe() (Yang Yingliang) \n- stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting (Yang Yingliang) \n- cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (Zhengchao Shao) \n- mctp: Fix an error handling path in mctp_init() (Wei Yongjun) \n- stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz (Tan, Tee Min) \n- stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S (Wong Vee Khee) \n- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) \n- net: cpsw: disable napi in cpsw_ndo_open() (Zhengchao Shao) \n- net/mlx5e: E-Switch, Fix comparing termination table instance (Roi Dayan) \n- net/mlx5: Allow async trigger completion execution on single CPU systems (Roy Novich) \n- net/mlx5: Bridge, verify LAG state when adding bond to bridge (Vlad Buslov) \n- net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg (M Chetan Kumar) \n- net: nixge: disable napi when enable interrupts failed in nixge_open() (Zhengchao Shao) \n- net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init() (Zhengchao Shao) \n- netfilter: Cleanup nft_net->module_list from nf_tables_exit_net() (Shigeru Yoshida) \n- netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg() (Ziyang Xuan) \n- perf tools: Add the include/perf/ directory to .gitignore (Donglin Peng) \n- perf stat: Fix printing os->prefix in CSV metrics output (Athira Rajeev) \n- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) \n- net: lapbether: fix issue of invalid opcode in lapbeth_open() (Zhengchao Shao) \n- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (Yang Yingliang) \n- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) \n- dmaengine: pxa_dma: use platform_get_irq_optional (Doug Brown) \n- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) \n- net: broadcom: Fix BCMGENET Kconfig (YueHaibing) \n- net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable() (Rasmus Villemoes) \n- can: af_can: fix NULL pointer dereference in can_rx_register() (Zhengchao Shao) \n- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) \n- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (Lu Wei) \n- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) \n- net: wwan: mhi: fix memory leak in mhi_mbim_dellink (HW He) \n- net: wwan: iosm: fix memory leak in ipc_wwan_dellink (HW He) \n- hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) \n- net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) \n- KVM: s390: pv: don't allow userspace to set the clock under PV (Nico Boehr) \n- phy: ralink: mt7621-pci: add sentinel to quirks table (John Thomson) \n- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) \n- net: fman: Unregister ethernet device on removal (Sean Anderson) \n- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) \n- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (Michael Chan) \n- net: tun: Fix memory leaks of napi_get_frags (Wang Yufen) \n- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (Ratheesh Kannoth) \n- octeontx2-pf: Use hardware register for CQE count (Geetha sowjanya) \n- macsec: clear encryption keys from the stack after setting up offload (Sabrina Dubroca) \n- macsec: fix detection of RXSCs when toggling offloading (Sabrina Dubroca) \n- macsec: fix secy->n_rx_sc accounting (Sabrina Dubroca) \n- macsec: delete new rxsc when offload fails (Sabrina Dubroca) \n- net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) \n- bpf: Fix wrong reg type conversion in release_reference() (Youlin Li) \n- bpf: Add helper macro bpf_for_each_reg_in_vstate (Kumar Kartikeya Dwivedi) \n- bpf, sock_map: Move cancel_work_sync() out of sock lock (Cong Wang) \n- bpf: Fix sockmap calling sleepable function in teardown path (John Fastabend) \n- bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues (Wang Yufen) \n- HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) \n- bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE (Pu Lehui) \n- wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (Howard Hsu) \n- bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues (Wang Yufen) \n- bpf, verifier: Fix memory leak in array reallocation for stack state (Kees Cook) \n- soundwire: qcom: check for outanding writes before doing a read (Srinivas Kandagatla) \n- soundwire: qcom: reinit broadcast completion (Srinivas Kandagatla) \n- wifi: cfg80211: fix memory leak in query_regdb_file() (Arend van Spriel) \n- wifi: cfg80211: silence a sparse RCU warning (Johannes Berg) \n- phy: stm32: fix an error code in probe (Dan Carpenter) \n- hwspinlock: qcom: correct MMIO max register for newer SoCs (Krzysztof Kozlowski) \n- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (Yang Li) \n- drm/amdkfd: handle CPU fault on COW mapping (Philip Yang) \n- drm/amdkfd: avoid recursive lock in migrations back to RAM (Alex Sierra) \n- fuse: fix readdir cache race (Miklos Szeredi) \n- thunderbolt: Add DP OUT resource when DP tunnel is discovered (Sanjay R Mehta) \n- thunderbolt: Tear down existing tunnels when resuming from hibernate (Mika Westerberg) \n- LTS version: v5.15.78 (Jack Vogel) \n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) \n- drm/i915/sdvo: Setup DDC fully before output init (Ville Syrjala) \n- drm/i915/sdvo: Filter out invalid outputs more sensibly (Ville Syrjala) \n- drm/rockchip: dsi: Force synchronous probe (Brian Norris) \n- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (Brian Norris) \n- cifs: fix regression in very old smb1 mounts (Ronnie Sahlberg) \n- ext4,f2fs: fix readahead of verity data (Matthew Wilcox (Oracle)) \n- tee: Fix tee_shm_register() for kernel TEE drivers (Sumit Garg) \n- KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) \n- KVM: x86: emulator: update the emulation mode after rsm (Maxim Levitsky) \n- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) \n- KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) \n- KVM: arm64: Fix bad dereference on MTE-enabled systems (Ryan Roberts) \n- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (Emanuele Giuseppe Esposito) \n- KVM: x86: Mask off reserved bits in CPUID.8000001FH (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.80000001H (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.8000001AH (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.80000006H (Jim Mattson) \n- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (Jiri Olsa) \n- ext4: fix BUG_ON() when directory entry has invalid rec_len (Luis Henriques) \n- ext4: fix warning in 'ext4_da_release_space' (Ye Bin) \n- parisc: Avoid printing the hardware path twice (Helge Deller) \n- parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) \n- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) \n- perf/x86/intel: Fix pebs event constraints for SPR (Kan Liang) \n- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (Kan Liang) \n- perf/x86/intel: Fix pebs event constraints for ICL (Kan Liang) \n- arm64: entry: avoid kprobe recursion (Mark Rutland) \n- efi: random: Use 'ACPI reclaim' memory for random seed (Ard Biesheuvel) \n- efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) \n- fuse: add file_modified() to fallocate (Miklos Szeredi) \n- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) \n- tracing/histogram: Update document for KEYS_MAX size (Zheng Yejian) \n- tools/nolibc/string: Fix memcmp() implementation (Rasmus Villemoes) \n- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (Steven Rostedt (Google)) \n- kprobe: reverse kp->flags when arm_kprobe failed (Li Qiang) \n- tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (Shang XiaoJing) \n- tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) \n- ftrace: Fix use-after-free for dynamic ftrace_ops (Li Huafei) \n- btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) \n- btrfs: fix tree mod log mishandling of reallocated nodes (Josef Bacik) \n- btrfs: fix lost file sync on direct IO write with nowait and dsync iocb (Filipe Manana) \n- fscrypt: fix keyring memory leak on mount failure (Eric Biggers) \n- fscrypt: stop using keyrings subsystem for fscrypt_master_key (Eric Biggers) \n- af_unix: Fix memory leaks of the whole sk due to OOB skb. (Kuniyuki Iwashima) \n- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) \n- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895}\n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896}\n- i2c: piix4: Fix adapter not be removed in piix4_remove() (Chen Zhongjin) \n- arm64: dts: juno: Add thermal critical trip points (Cristian Marussi) \n- firmware: arm_scmi: Fix devres allocation device in virtio transport (Cristian Marussi) \n- firmware: arm_scmi: Make Rx chan_setup fail on memory errors (Cristian Marussi) \n- firmware: arm_scmi: Suppress the driver's bind attributes (Cristian Marussi) \n- block: Fix possible memory leak for rq_wb on add_disk failure (Chen Zhongjin) \n- arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (Ioana Ciornei) \n- arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) \n- arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) \n- arm64: dts: imx8: correct clock order (Peng Fan) \n- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (Tim Harvey) \n- clk: qcom: Update the force mem core bit for GPU clocks (Taniya Das) \n- efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar) \n- i2c: xiic: Add platform module alias (Martin Tuma) \n- drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (Danijel Slivka) \n- HID: saitek: add madcatz variant of MMO7 mouse device ID (Samuel Bailey) \n- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) \n- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (Ashish Kalra) \n- media: v4l: subdev: Fail graciously when getting try data for NULL state (Sakari Ailus) \n- media: meson: vdec: fix possible refcount leak in vdec_probe() (Hangyu Hua) \n- media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) \n- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- media: rkisp1: Zero v4l2_subdev_format fields in when validating links (Laurent Pinchart) \n- media: rkisp1: Use correct macro for gradient registers (Laurent Pinchart) \n- media: rkisp1: Initialize color space on resizer sink and source pads (Laurent Pinchart) \n- media: rkisp1: Don't pass the quantization to rkisp1_csm_config() (Laurent Pinchart) \n- s390/cio: fix out-of-bounds access on cio_ignore free (Peter Oberparleiter) \n- s390/cio: derive cdev information only for IO-subchannels (Vineeth Vijayan) \n- s390/boot: add secure boot trailer (Peter Oberparleiter) \n- s390/uaccess: add missing EX_TABLE entries to __clear_user() (Heiko Carstens) \n- mtd: parsers: bcm47xxpart: Fix halfblock reads (Linus Walleij) \n- mtd: parsers: bcm47xxpart: print correct offset on read error (Rafal Milecki) \n- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (Helge Deller) \n- video/fbdev/stifb: Implement the stifb_fillrect() function (Helge Deller) \n- drm/msm/hdmi: fix IRQ lifetime (Johan Hovold) \n- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (Daniel Thompson) \n- vsock: fix possible infinite sleep in vsock_connectible_wait_data() (Dexuan Cui) \n- ipv6: fix WARNING in ip6_route_net_exit_late() (Zhengchao Shao) \n- net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) \n- net/smc: Fix possible leaked pernet namespace in smc_init() (Chen Zhongjin) \n- stmmac: dwmac-loongson: fix invalid mdio_node (Liu Peibao) \n- ibmvnic: Free rwi on reset success (Nick Child) \n- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) \n- Bluetooth: L2CAP: Fix memory leak in vhci_write (Hawkins Jiawei) \n- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) \n- Bluetooth: virtio_bt: Use skb_put to set length (Soenke Huster) \n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) \n- netfilter: ipset: enforce documented limit to prevent allocating huge memory (Jozsef Kadlecsik) \n- btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at find_parent_nodes() (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) \n- isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) \n- mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) \n- rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) \n- ipvs: fix WARNING in ip_vs_app_net_cleanup() (Zhengchao Shao) \n- ipvs: fix WARNING in __ip_vs_cleanup_batch() (Zhengchao Shao) \n- ipvs: use explicitly signed chars (Jason A. Donenfeld) \n- netfilter: nf_tables: release flow rule object from commit path (Pablo Neira Ayuso) \n- netfilter: nf_tables: netlink notifier might race to release objects (Pablo Neira Ayuso) \n- net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) \n- net: sched: Fix use after free in red_enqueue() (Dan Carpenter) \n- ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) \n- net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) \n- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) \n- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) \n- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (Shang XiaoJing) \n- nfc: fdp: Fix potential memory leak in fdp_nci_send() (Shang XiaoJing) \n- net: dsa: fall back to default tagger if we can't load the one from DT (Vladimir Oltean) \n- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (Dan Carpenter) \n- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (Chen Zhongjin) \n- net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) \n- nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) \n- NFSv4.2: Fixup CLONE dest file size for zero-length count (Benjamin Coddington) \n- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (Zhang Xiaoxu) \n- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) \n- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust) \n- NFSv4: Fix a potential state reclaim deadlock (Trond Myklebust) \n- RDMA/hns: Disable local invalidate operation (Yangyang Li) \n- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (Wenpeng Liang) \n- RDMA/hns: Remove magic number (Xinhao Liu) \n- IB/hfi1: Correctly move list in sc_disable() (Dean Luick) \n- KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (Alexander Graf) \n- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (Alexander Graf) \n- KVM: x86: Protect the unused bits in MSR exiting flags (Aaron Lewis) \n- HID: playstation: add initial DualSense Edge controller support (Roderick Colenbrander) \n- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (Baolin Wang) \n- drm/amd/display: explicitly disable psr_feature_enable appropriately (Shirish S) \n- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (Sean Christopherson) \n- serial: ar933x: Deassert Transmit Enable on ->rs485_config() (Lukas Wunner) \n- scsi: lpfc: Rework MIB Rx Monitor debug info logic (James Smart) \n- scsi: lpfc: Adjust CMF total bytes and rxmonitor (James Smart) \n- scsi: lpfc: Adjust bytes received vales during cmf timer interval (James Smart) \n- LTS version: v5.15.77 (Jack Vogel) \n- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) \n- serial: Deassert Transmit Enable on probe in driver-specific way (Lukas Wunner) \n- serial: core: move RS485 configuration tasks from drivers into core (Lino Sanfilippo) \n- can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (Biju Das) \n- can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L (Biju Das) \n- scsi: sd: Revert 'scsi: sd: Remove a local variable' (Yu Kuai) \n- arm64: Add AMPERE1 to the Spectre-BHB affected list (D Scott Phillips) \n- net: enetc: survive memory pressure without crashing (Vladimir Oltean) \n- kcm: do not sense pfmemalloc status in kcm_sendpage() (Eric Dumazet) \n- net: do not sense pfmemalloc status in skb_append_pagefrags() (Eric Dumazet) \n- net/mlx5: Fix crash during sync firmware reset (Suresh Devarakonda) \n- net/mlx5: Update fw fatal reporter state on PCI handlers successful recover (Roy Novich) \n- net/mlx5: Print more info on pci error handlers (Saeed Mahameed) \n- net/mlx5: Fix possible use-after-free in async command interface (Tariq Toukan) \n- net/mlx5e: Extend SKB room check to include PTP-SQ (Aya Levin) \n- net/mlx5e: Do not increment ESN when updating IPsec ESN state (Hyong Youb Kim) \n- netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed (Zhengchao Shao) \n- net: broadcom: bcm4908_enet: update TX stats after actual transmission (Rafal Milecki) \n- net: broadcom: bcm4908enet: remove redundant variable bytes (Colin Ian King) \n- nh: fix scope used to find saddr when adding non gw nh (Nicolas Dichtel) \n- net: bcmsysport: Indicate MAC is in charge of PHY PM (Florian Fainelli) \n- net: ehea: fix possible memory leak in ehea_register_port() (Yang Yingliang) \n- openvswitch: switch from WARN to pr_warn (Aaron Conole) \n- ALSA: aoa: Fix I2S device accounting (Takashi Iwai) \n- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (Yang Yingliang) \n- net: ethernet: ave: Fix MAC to be in charge of PHY PM (Kunihiko Hayashi) \n- net: fec: limit register access on i.MX6UL (Juergen Borleis) \n- perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics (Shang XiaoJing) \n- PM: domains: Fix handling of unavailable/disabled idle states (Sudeep Holla) \n- net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (Yang Yingliang) \n- i40e: Fix flow-type by setting GL_HASH_INSET registers (Slawomir Laba) \n- i40e: Fix VF hang when reset is triggered on another VF (Sylwester Dziedziuch) \n- i40e: Fix ethtool rx-flow-hash setting for X722 (Slawomir Laba) \n- ipv6: ensure sane device mtu in tunnels (Eric Dumazet) \n- perf vendor events power10: Fix hv-24x7 metric events (Kajol Jain) \n- media: vivid: set num_in/outputs to 0 if not supported (Hans Verkuil) \n- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (Hans Verkuil) \n- media: v4l2-dv-timings: add sanity checks for blanking values (Hans Verkuil) \n- media: vivid: dev->bitmap_cap wasn't freed in all cases (Hans Verkuil) \n- media: vivid: s_fbuf: add more sanity checks (Hans Verkuil) \n- PM: hibernate: Allow hybrid sleep to work with s2idle (Mario Limonciello) \n- can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (Dongliang Mu) \n- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (Dongliang Mu) \n- drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (Rafael Mendonca) \n- net-memcg: avoid stalls when under memory pressure (Jakub Kicinski) \n- tcp: fix indefinite deferral of RTO with SACK reneging (Neal Cardwell) \n- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei) \n- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet) \n- net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (Zhang Changzhong) \n- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (Zhengchao Shao) \n- kcm: annotate data-races around kcm->rx_wait (Eric Dumazet) \n- kcm: annotate data-races around kcm->rx_psock (Eric Dumazet) \n- atlantic: fix deadlock at aq_nic_stop (Inigo Huguet) \n- drm/i915/dp: Reset frl trained flag before restarting FRL training (Ankit Nautiyal) \n- amd-xgbe: add the bit rate quirk for Molex cables (Raju Rangoju) \n- amd-xgbe: fix the SFP compliance codes check for DAC cables (Raju Rangoju) \n- x86/unwind/orc: Fix unreliable stack dump with gcov (Chen Zhongjin) \n- nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() (Shang XiaoJing) \n- net: macb: Specify PHY PM management done by MAC (Sergiu Moga) \n- net: hinic: fix the issue of double release MBOX callback of VF (Zhengchao Shao) \n- net: hinic: fix the issue of CMDQ memory leaks (Zhengchao Shao) \n- net: hinic: fix memory leak when reading function table (Zhengchao Shao) \n- net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() (Zhengchao Shao) \n- net: netsec: fix error handling in netsec_register_mdio() (Yang Yingliang) \n- tipc: fix a null-ptr-deref in tipc_topsrv_accept (Xin Long) \n- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (Maxim Levitsky) \n- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (Yang Yingliang) \n- ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (Srinivasa Rao Mandadapu) \n- mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() (Yang Yingliang) \n- arc: iounmap() arg is volatile (Randy Dunlap) \n- sched/core: Fix comparison in sched_group_cookie_match() (Lin Shengwang) \n- perf: Fix missing SIGTRAPs (Peter Zijlstra) \n- ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (Srinivasa Rao Mandadapu) \n- KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test (Gavin Shan) \n- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (Nathan Huckleberry) \n- media: atomisp: prevent integer overflow in sh_css_set_black_frame() (Dan Carpenter) \n- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (Alexander Stein) \n- net: ieee802154: fix error return code in dgram_bind() (Wei Yongjun) \n- ethtool: eeprom: fix null-deref on genl_info in dump (Xin Long) \n- mmc: block: Remove error check of hw_reset on reset (Christian Lohle) \n- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (Heiko Carstens) \n- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (Heiko Carstens) \n- perf auxtrace: Fix address filter symbol name match for modules (Adrian Hunter) \n- ARC: mm: fix leakage of memory allocated for PTE (Pavel Kozlov) \n- pinctrl: Ingenic: JZ4755 bug fixes (Siarhei Volkau) \n- kernfs: fix use-after-free in __kernfs_remove (Christian A. Ehrhardt) \n- counter: microchip-tcb-capture: Handle Signal1 read and Synapse (William Breathitt Gray) \n- mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (Sascha Hauer) \n- mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (Patrick Thompson) \n- mmc: core: Fix kernel panic when remove non-standard SDIO card (Matthew Ma) \n- mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (Brian Norris) \n- coresight: cti: Fix hang in cti_disable_hw() (James Clark) \n- drm/msm/dp: fix IRQ lifetime (Johan Hovold) \n- drm/msm/hdmi: fix memory corruption with too many bridges (Johan Hovold) \n- drm/msm/dsi: fix memory corruption with too many bridges (Johan Hovold) \n- drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume (Prike Liang) \n- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (Manish Rangankar) \n- mac802154: Fix LQI recording (Miquel Raynal) \n- exec: Copy oldsighand->action under spin-lock (Bernd Edlinger) \n- fs/binfmt_elf: Fix memory leak in load_elf_binary() (Li Zetao) \n- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (Rafael J. Wysocki) \n- cpufreq: intel_pstate: Read all MSRs on the target CPU (Rafael J. Wysocki) \n- fbdev: smscufx: Fix several use-after-free bugs (Hyunwoo Kim) \n- iio: adxl372: Fix unsafe buffer attributes (Matti Vaittinen) \n- iio: temperature: ltc2983: allocate iio channels once (Cosmin Tanislav) \n- iio: light: tsl2583: Fix module unloading (Shreeya Patel) \n- tools: iio: iio_utils: fix digit calculation (Matti Vaittinen) \n- xhci: Remove device endpoints from bandwidth list when freeing the device (Mathias Nyman) \n- xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (Mario Limonciello) \n- xhci: Add quirk to reset host back to default state at shutdown (Mathias Nyman) \n- mtd: rawnand: marvell: Use correct logic for nand-keep-config (Tony O'Brien) \n- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (Jens Glathe) \n- usb: bdc: change state when port disconnected (Justin Chen) \n- usb: dwc3: gadget: Don't set IMI for no_interrupt (Thinh Nguyen) \n- usb: dwc3: gadget: Stop processing more requests on IMI (Thinh Nguyen) \n- usb: gadget: uvc: fix sg handling during video encode (Jeff Vanhoof) \n- usb: gadget: uvc: fix sg handling in error case (Dan Vacura) \n- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (Hannu Hartikainen) \n- ALSA: rme9652: use explicitly signed char (Jason A. Donenfeld) \n- ALSA: au88x0: use explicitly signed char (Jason A. Donenfeld) \n- ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (Takashi Iwai) \n- ALSA: Use del_timer_sync() before freeing timer (Steven Rostedt (Google)) \n- can: kvaser_usb: Fix possible completions during init_completion (Anssi Hannula) \n- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (Yang Yingliang) \n- NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (Scott Mayhew) \n- NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) \n- rds: ib: Enable FC by default (Hakon Bugge) [Orabug: 33930793] \n- Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34719459] \n- nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34719459] \n- nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34719459] \n- nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34719459] \n- nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34719459] \n- hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34772616] \n- mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34772616] \n- mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 34772616] \n- mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34772616] \n- net/rds: Quiesce heartbeat worker in rds_conn_path_destroy() (Sharath Srinivasan) [Orabug: 34815818] \n- net/rds: Add support for tracing RDS heartbeats (Sharath Srinivasan) [Orabug: 34815818] \n- net/rds: Enable RDS heartbeat by default (Sharath Srinivasan) [Orabug: 34815818] \n- uek-rpm: core.list: add VirtualBox guest drivers to core package (Todd Vierling) [Orabug: 34820755] \n- tools/power turbostat: fix SPR PC6 limits (Artem Bityutskiy) [Orabug: 34838996] \n- tools/power turbostat: separate SPR from ICX (Artem Bityutskiy) [Orabug: 34838996] \n- rds: ib: Fix incorrect error handling during QP creation (Hakon Bugge) [Orabug: 34857202] \n- Revert 'random: clear fast pool, crng, and batches in cpuhp bring up' (Somasundaram Krishnasamy) [Orabug: 34850847] ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378"], "modified": "2023-01-12T00:00:00", "id": "ELSA-2023-12017", "href": "http://linux.oracle.com/errata/ELSA-2023-12017.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:49", "description": "[5.15.0-6.80.3.1]\n- Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359]\n[5.15.0-6.80.3]\n- net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] \n- rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] \n- uek-rpm: Add ptp_kvm.ko to core rpm (Somasundaram Krishnasamy) [Orabug: 34901414] \n- Revert 'tracing/ring-buffer: Have polling block on watermark' (Harshit Mogalapalli) [Orabug: 34890999]\n[5.15.0-6.80.2]\n- scsi: mpi3mr: Remove unnecessary cast (Jules Irenge) [Orabug: 34640445] \n- scsi: mpi3mr: Update driver version to 8.2.0.3.0 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix scheduling while atomic type bug (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Scan the devices during resume time (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Free enclosure objects during driver unload (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Handle 0xF003 Fault Code (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Graceful handling of surprise removal of PCIe HBA (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Support new power management framework (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update mpi3 header files (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix error code in mpi3mr_transport_smp_handler() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Fix error codes in mpi3mr_report_manufacture() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Block I/Os while refreshing target dev objects (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Refresh SAS ports during soft reset (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Support SAS transport class callbacks (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add framework to issue MPT transport cmds (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add SAS SATA end devices to STL (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Get target object based on rphy (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add expander devices to STL (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Enable STL on HBAs where multipath is disabled (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add helper functions to manage device's port (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add helper functions to retrieve device objects (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add framework to add phys to STL (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Enable Enclosure device add event (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add helper functions to retrieve config pages (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add framework to issue config requests (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add config and transport related debug flags (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Delete a stray tab (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Unlock on error path (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Reduce VD queue depth on detecting throttling (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Resource Based Metering (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Enable shared host tagset (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix kernel-doc (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add target device related sysfs (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add shost related sysfs attributes (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Return error if dma_alloc_coherent() fails (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Fix a NULL vs IS_ERR() bug in mpi3mr_bsg_init() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Return I/Os to an unrecoverable HBA with DID_ERROR (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Hidden drives not removed during soft reset (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Increase I/O timeout value to 60s (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update driver version to 8.0.0.69.0 (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for NVMe passthrough (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Expose adapter state to sysfs (Chandrakanth patil) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for PEL commands (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for MPT commands (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Move data structures/definitions from MPI headers to uapi header (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for driver commands (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Add bsg device support (Sumit Saxena) [Orabug: 34640445] \n- scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Bump driver version to 8.0.0.68.0 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update the copyright year (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix cmnd getting marked as in use forever (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix hibernation issue (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix printing of pending I/O count (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix deadlock while canceling the fw event (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fix formatting problems in some kernel-doc comments (Yang Li) [Orabug: 34640445] \n- scsi: mpi3mr: Fix some spelling mistakes (Colin Ian King) [Orabug: 34640445] \n- scsi: mpi3mr: Bump driver version to 8.0.0.61.0 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Enhanced Task Management Support Reply handling (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Use TM response codes from MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add io_uring interface support in I/O-polled mode (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Print cable mngnt and temp threshold events (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Support Prepare for Reset event (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add Event acknowledgment logic (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Gracefully handle online FW update operation (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Detect async reset that occurred in firmware (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add IOC reinit function (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Handle offline FW activation in graceful manner (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Code refactor of IOC init - part2 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Code refactor of IOC init - part1 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Fault IOC when internal command gets timeout (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Display IOC firmware package version (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Handle unaligned PLL in unmap cmnds (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Increase internal cmnds timeout to 60s (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Do access status validation before adding devices (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add support for PCIe Managed Switch SES device (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update MPI3 headers - part2 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Update MPI3 headers - part1 (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Don't reset IOC if cmnds flush with reset status (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Add debug APIs based on logging_level bits (Sreekanth Reddy) [Orabug: 34640445] \n- scsi: mpi3mr: Use scnprintf() instead of snprintf() (Dan Carpenter) [Orabug: 34640445] \n- scsi: mpi3mr: Clean up mpi3mr_print_ioc_info() (Dan Carpenter) [Orabug: 34640445] \n- rds: ib: Remove unnecessary call to rds_ib_ring_unalloc (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Remove unnecessary i_flowctl term from conditions (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Remove unnesesarry variable initialization (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Make sure receives are posted before connection is up (Hakon Bugge) [Orabug: 34768825] \n- rds: ib: Fix the Retry counter dependency on RNR NAK Retry counter (Hakon Bugge) [Orabug: 34768825] \n- rds: Deduct one credit on the passive side (Hakon Bugge) [Orabug: 34768825] \n- rds: Use all eight bits for credit updates (Hakon Bugge) [Orabug: 34768825] \n- RDS/IB: Fix the misplaced counter update rdma dto path (Devesh Sharma) [Orabug: 34865847] \n- uek-rpm: Enable CONFIG_HP_ILO for aarch64 (Saeed Mirzamohammadi) [Orabug: 34869880] \n- uek-rpm: ol8: Choose right annobin plugin for UEK build (Somasundaram Krishnasamy) [Orabug: 34873882] \n- proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378}\n- proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378}\n[5.15.0-6.80.1]\n- LTS version: v5.15.80 (Jack Vogel) \n- ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) \n- ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) \n- ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) \n- net/9p: use a dedicated spinlock for trans_fd (Dominique Martinet) \n- mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) \n- wifi: wext: use flex array destination for memcpy() (Hawkins Jiawei) \n- 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) \n- gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) \n- gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) \n- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) \n- kcm: close race conditions on sk_receive_queue (Cong Wang) \n- kcm: avoid potential race in kcm_tx_work (Eric Dumazet) \n- tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) \n- macvlan: enforce a consistent minimal mtu (Eric Dumazet) \n- Input: i8042 - fix leaking of platform device on module removal (Chen Jun) \n- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Li Huafei) \n- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (Yuan Can) \n- scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (Yang Yingliang) \n- net: use struct_group to copy ip/ipv6 header addresses (Hangbin Liu) \n- tracing: Fix warning on variable 'struct trace_array' (Aashish Sharma) \n- ring-buffer: Include dropped pages in counting dirty patches (Steven Rostedt (Google)) \n- perf: Improve missing SIGTRAP checking (Marco Elver) \n- serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake (Ilpo Jarvinen) \n- nvme: ensure subsystem reset is single threaded (Keith Busch) \n- nvme: restrict management ioctls to admin (Keith Busch) \n- perf/x86/intel/pt: Fix sampling using single range output (Adrian Hunter) \n- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) \n- docs: update mediator contact information in CoC doc (Shuah Khan) \n- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) \n- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (Chevron Li) \n- mmc: core: properly select voltage range without power cycle (Yann Gautier) \n- firmware: coreboot: Register bus in module init (Brian Norris) \n- iommu/vt-d: Set SRE bit only when hardware has SRS cap (Tina Zhang) \n- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (Tina Zhang) \n- scsi: zfcp: Fix double free of FSF request when qdio send fails (Benjamin Block) \n- net: phy: marvell: add sleep time after enabling the loopback bit (Aminuddin Jamaluddin) \n- maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() (Alban Crequy) \n- Input: iforce - invert valid length check when fetching device IDs (Tetsuo Handa) \n- serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) \n- serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) \n- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) \n- dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) \n- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) \n- iio: adc: mp2629: fix potential array out of bound access (Saravanan Sekar) \n- iio: adc: mp2629: fix wrong comparison of channel (Saravanan Sekar) \n- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) \n- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) \n- usb: typec: mux: Enter safe mode only when pins need to be reconfigured (Rajat Khandelwal) \n- usb: cdns3: host: fix endless superspeed hub port reset (Li Jun) \n- usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) \n- usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) \n- USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) \n- USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) \n- USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) \n- USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) \n- USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) \n- USB: bcma: Make GPIO explicitly optional (Linus Walleij) \n- speakup: fix a segfault caused by switching consoles (Mushahid Hussain) \n- slimbus: stream: correct presence rate frequencies (Krzysztof Kozlowski) \n- slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m (Zheng Bin) \n- Revert 'usb: dwc3: disable USB core PHY management' (Johan Hovold) \n- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Takashi Iwai) \n- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (Emil Flink) \n- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) \n- drm/amd/display: Add HUBP surface flip interrupt handler (Rodrigo Siqueira) \n- tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (Shang XiaoJing) \n- tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (Shang XiaoJing) \n- tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google)) \n- tracing: Fix wild-memory-access in register_synth_event() (Shang XiaoJing) \n- tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (Shang XiaoJing) \n- tracing/ring-buffer: Have polling block on watermark (Steven Rostedt (Google)) \n- tracing: Fix memory leak in tracing_read_pipe() (Wang Yufen) \n- ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) \n- ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) \n- ftrace: Optimize the allocation for mcount entries (Wang Wensheng) \n- ftrace: Fix the possible incorrect kernel message (Wang Wensheng) \n- cifs: add check for returning value of SMB2_set_info_init (Anastasia Belova) \n- net: thunderbolt: Fix error handling in tbnet_init() (Yuan Can) \n- net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() (Shang XiaoJing) \n- cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) \n- net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) \n- net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() (Liu Jian) \n- cifs: add check for returning value of SMB2_close_init (Anastasia Belova) \n- platform/surface: aggregator: Do not check for repeated unsequenced packets (Maximilian Luz) \n- platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (Roger Pau Monne) \n- drbd: use after free in drbd_create_device() (Dan Carpenter) \n- bridge: switchdev: Fix memory leaks when changing VLAN protocol (Ido Schimmel) \n- net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process (Guangbin Huang) \n- net: ena: Fix error handling in ena_init() (Yuan Can) \n- net: ionic: Fix error handling in ionic_init_module() (Yuan Can) \n- xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) \n- net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims (Vladimir Oltean) \n- net: mhi: Fix memory leak in mhi_net_dellink() (Wei Yongjun) \n- bnxt_en: Remove debugfs when pci_register_driver failed (Gaosheng Cui) \n- net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) \n- net: macvlan: Use built-in RCU list checking (Chuang Wang) \n- mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) \n- net: liquidio: release resources when liquidio driver open failed (Zhengchao Shao) \n- soc: imx8m: Enable OCOTP clock before reading the register (Xiaolei Wang) \n- net: stmmac: ensure tx function is not running in stmmac_xdp_release() (Mohd Faizal Abdul Rahim) \n- net: hinic: Fix error handling in hinic_module_init() (Yuan Can) \n- mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) \n- net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) \n- bpf: Initialize same number of free nodes for each pcpu_freelist (Xu Kuohai) \n- MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed (Liao Chang) \n- MIPS: fix duplicate definitions for exported symbols (Rongwei Zhang) \n- nfp: change eeprom length to max length enumerators (Jaco Coetzee) \n- ata: libata-transport: fix error handling in ata_tdev_add() (Yang Yingliang) \n- ata: libata-transport: fix error handling in ata_tlink_add() (Yang Yingliang) \n- ata: libata-transport: fix error handling in ata_tport_add() (Yang Yingliang) \n- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (Yang Yingliang) \n- arm64: dts: imx8mn: Fix NAND controller size-cells (Marek Vasut) \n- arm64: dts: imx8mm: Fix NAND controller size-cells (Marek Vasut) \n- ARM: dts: imx7: Fix NAND controller size-cells (Marek Vasut) \n- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (Shang XiaoJing) \n- drm/drv: Fix potential memory leak in drm_dev_init() (Shang XiaoJing) \n- drm/panel: simple: set bpc field for logic technologies displays (Aishwarya Kothari) \n- drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (Gaosheng Cui) \n- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) \n- parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) \n- siox: fix possible memory leak in siox_device_add() (Yang Yingliang) \n- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (D Scott Phillips) \n- bpf: Fix memory leaks in __check_func_call (Wang Yufen) \n- block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) \n- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (Yang Yingliang) \n- pinctrl: rockchip: list all pins in a possible mux route for PX30 (Quentin Schulz) \n- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) \n- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) \n- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) \n- serial: imx: Add missing .thaw_noirq hook (Shawn Guo) \n- serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) \n- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (Tony Lindgren) \n- serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) \n- serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() (Tony Lindgren) \n- ARM: at91: pm: avoid soft resetting AC DLL (Claudiu Beznea) \n- ASoC: tas2764: Fix set_tdm_slot in case of single slot (Martin Poviser) \n- ASoC: tas2770: Fix set_tdm_slot in case of single slot (Martin Poviser) \n- ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) \n- ARM: dts: at91: sama7g5: fix signal name of pin PB2 (Mihai Sain) \n- spi: stm32: Print summary 'callbacks suppressed' message (Marek Vasut) \n- arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (Douglas Anderson) \n- arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (Douglas Anderson) \n- arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (Douglas Anderson) \n- arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (Douglas Anderson) \n- KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet (Like Xu) \n- spi: intel: Use correct mask for flash and protected regions (Mika Westerberg) \n- mtd: spi-nor: intel-spi: Disable write protection only if asked (Mika Westerberg) \n- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (Colin Ian King) \n- x86/cpu: Add several Intel server CPU model numbers (Tony Luck) \n- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) \n- btrfs: remove pointless and double ulist frees in error paths of qgroup tests (Filipe Manana) \n- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) \n- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (Nam Cao) \n- i2c: tegra: Allocate DMA memory for DMA engine (Thierry Reding) \n- firmware: arm_scmi: Cleanup the core driver removal callback (Cristian Marussi) \n- ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (Mario Limonciello) \n- NFSv4: Retry LOCK on OLD_STATEID during delegation return (Benjamin Coddington) \n- btrfs: raid56: properly handle the error when unable to find the missing stripe (Qu Wenruo) \n- RDMA/efa: Add EFA 0xefa2 PCI ID (Michael Margolin) \n- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (Hans de Goede) \n- drm/amd/display: Remove wrong pipe control lock (Rodrigo Siqueira) \n- ASoC: rt1308-sdw: add the default value of some registers (Shuming Fan) \n- selftests/intel_pstate: fix build for ARCH=x86_64 (Ricardo Canuelo) \n- selftests/futex: fix build for clang (Ricardo Canuelo) \n- ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart) \n- ASoC: codecs: jz4725b: fix capture selector naming (Siarhei Volkau) \n- ASoC: codecs: jz4725b: use right control for Capture Volume (Siarhei Volkau) \n- ASoC: codecs: jz4725b: fix reported volume for Master ctl (Siarhei Volkau) \n- ASoC: codecs: jz4725b: add missed Line In power control bit (Siarhei Volkau) \n- spi: intel: Fix the offset to get the 64K erase opcode (Mauro Lima) \n- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (Xiaolei Wang) \n- ASoC: rt1019: Fix the TDM settings (Derek Fang) \n- ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (Zhang Qilong) \n- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (Zhang Qilong) \n- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (Zhang Qilong) \n- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (Zhang Qilong) \n- LTS version: v5.15.79 (Jack Vogel) \n- x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) \n- net: tun: call napi_schedule_prep() to ensure we own a napi (Eric Dumazet) \n- drm/amdkfd: Migrate in CPU page fault use current mm (Philip Yang) \n- marvell: octeontx2: build error: unknown type name 'u64' (Anders Roxell) \n- dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix concurrency over the active list (Tudor Ambarus) \n- dmaengine: at_hdmac: Free the memset buf without holding the chan lock (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix concurrency over descriptor (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (Tudor Ambarus) \n- dmaengine: at_hdmac: Protect atchan->status with the channel lock (Tudor Ambarus) \n- dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (Tudor Ambarus) \n- dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) \n- cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) \n- can: j1939: j1939_send_one(): fix missing CAN header initialization (Oliver Hartkopp) \n- mm/shmem: use page_mapping() to detect page cache for uffd continue (Peter Xu) \n- mm/memremap.c: map FS_DAX device memory as decrypted (Pankaj Gupta) \n- mm/damon/dbgfs: check if rm_contexts input is for a real context (SeongJae Park) \n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) \n- mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- btrfs: zoned: initialize device's zone info for seeding (Johannes Thumshirn) \n- btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) \n- btrfs: fix match incorrectly in dev_args_match_device (Liu Shixin) \n- wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (Wen Gong) \n- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) \n- drm/amdgpu: disable BACO on special BEIGE_GOBY card (Guchun Chen) \n- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) \n- nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) \n- nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) \n- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (Shin'ichiro Kawasaki) \n- vmlinux.lds.h: Fix placement of '.data..decrypted' section (Nathan Chancellor) \n- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (Jussi Laako) \n- ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) \n- ALSA: usb-audio: Yet more regression for for the delayed card registration (Takashi Iwai) \n- ALSA: hda/realtek: Add Positivo C6300 model quirk (Edson Juliano Drosdeck) \n- ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) \n- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (Xian Wang) \n- ALSA: hda/hdmi - enable runtime pm for more AMD display audio (Evan Quan) \n- mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (Haibo Chen) \n- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (Brian Norris) \n- MIPS: jump_label: Fix compat branch range check (Jiaxun Yang) \n- arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) \n- riscv: fix reserved memory setup (Conor Dooley) \n- riscv: vdso: fix build with llvm (Jisheng Zhang) \n- riscv: process: fix kernel info leakage (Jisheng Zhang) \n- net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) \n- ethernet: tundra: free irq when alloc ring failed in tsi108_open() (Zhengchao Shao) \n- net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) \n- ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) \n- net: atlantic: macsec: clear encryption keys from the stack (Antoine Tenart) \n- net: phy: mscc: macsec: clear encryption keys when freeing a flow (Antoine Tenart) \n- stmmac: dwmac-loongson: fix missing of_node_put() while module exiting (Yang Yingliang) \n- stmmac: dwmac-loongson: fix missing pci_disable_device() in loongson_dwmac_probe() (Yang Yingliang) \n- stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting (Yang Yingliang) \n- cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (Zhengchao Shao) \n- mctp: Fix an error handling path in mctp_init() (Wei Yongjun) \n- stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz (Tan, Tee Min) \n- stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S (Wong Vee Khee) \n- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) \n- net: cpsw: disable napi in cpsw_ndo_open() (Zhengchao Shao) \n- net/mlx5e: E-Switch, Fix comparing termination table instance (Roi Dayan) \n- net/mlx5: Allow async trigger completion execution on single CPU systems (Roy Novich) \n- net/mlx5: Bridge, verify LAG state when adding bond to bridge (Vlad Buslov) \n- net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg (M Chetan Kumar) \n- net: nixge: disable napi when enable interrupts failed in nixge_open() (Zhengchao Shao) \n- net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init() (Zhengchao Shao) \n- netfilter: Cleanup nft_net->module_list from nf_tables_exit_net() (Shigeru Yoshida) \n- netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg() (Ziyang Xuan) \n- perf tools: Add the include/perf/ directory to .gitignore (Donglin Peng) \n- perf stat: Fix printing os->prefix in CSV metrics output (Athira Rajeev) \n- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) \n- net: lapbether: fix issue of invalid opcode in lapbeth_open() (Zhengchao Shao) \n- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (Yang Yingliang) \n- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) \n- dmaengine: pxa_dma: use platform_get_irq_optional (Doug Brown) \n- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) \n- net: broadcom: Fix BCMGENET Kconfig (YueHaibing) \n- net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable() (Rasmus Villemoes) \n- can: af_can: fix NULL pointer dereference in can_rx_register() (Zhengchao Shao) \n- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) \n- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (Lu Wei) \n- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) \n- net: wwan: mhi: fix memory leak in mhi_mbim_dellink (HW He) \n- net: wwan: iosm: fix memory leak in ipc_wwan_dellink (HW He) \n- hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) \n- net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) \n- KVM: s390: pv: don't allow userspace to set the clock under PV (Nico Boehr) \n- phy: ralink: mt7621-pci: add sentinel to quirks table (John Thomson) \n- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) \n- net: fman: Unregister ethernet device on removal (Sean Anderson) \n- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) \n- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (Michael Chan) \n- net: tun: Fix memory leaks of napi_get_frags (Wang Yufen) \n- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (Ratheesh Kannoth) \n- octeontx2-pf: Use hardware register for CQE count (Geetha sowjanya) \n- macsec: clear encryption keys from the stack after setting up offload (Sabrina Dubroca) \n- macsec: fix detection of RXSCs when toggling offloading (Sabrina Dubroca) \n- macsec: fix secy->n_rx_sc accounting (Sabrina Dubroca) \n- macsec: delete new rxsc when offload fails (Sabrina Dubroca) \n- net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) \n- bpf: Fix wrong reg type conversion in release_reference() (Youlin Li) \n- bpf: Add helper macro bpf_for_each_reg_in_vstate (Kumar Kartikeya Dwivedi) \n- bpf, sock_map: Move cancel_work_sync() out of sock lock (Cong Wang) \n- bpf: Fix sockmap calling sleepable function in teardown path (John Fastabend) \n- bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues (Wang Yufen) \n- HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) \n- bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE (Pu Lehui) \n- wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (Howard Hsu) \n- bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues (Wang Yufen) \n- bpf, verifier: Fix memory leak in array reallocation for stack state (Kees Cook) \n- soundwire: qcom: check for outanding writes before doing a read (Srinivas Kandagatla) \n- soundwire: qcom: reinit broadcast completion (Srinivas Kandagatla) \n- wifi: cfg80211: fix memory leak in query_regdb_file() (Arend van Spriel) \n- wifi: cfg80211: silence a sparse RCU warning (Johannes Berg) \n- phy: stm32: fix an error code in probe (Dan Carpenter) \n- hwspinlock: qcom: correct MMIO max register for newer SoCs (Krzysztof Kozlowski) \n- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (Yang Li) \n- drm/amdkfd: handle CPU fault on COW mapping (Philip Yang) \n- drm/amdkfd: avoid recursive lock in migrations back to RAM (Alex Sierra) \n- fuse: fix readdir cache race (Miklos Szeredi) \n- thunderbolt: Add DP OUT resource when DP tunnel is discovered (Sanjay R Mehta) \n- thunderbolt: Tear down existing tunnels when resuming from hibernate (Mika Westerberg) \n- LTS version: v5.15.78 (Jack Vogel) \n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) \n- drm/i915/sdvo: Setup DDC fully before output init (Ville Syrjala) \n- drm/i915/sdvo: Filter out invalid outputs more sensibly (Ville Syrjala) \n- drm/rockchip: dsi: Force synchronous probe (Brian Norris) \n- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (Brian Norris) \n- cifs: fix regression in very old smb1 mounts (Ronnie Sahlberg) \n- ext4,f2fs: fix readahead of verity data (Matthew Wilcox (Oracle)) \n- tee: Fix tee_shm_register() for kernel TEE drivers (Sumit Garg) \n- KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) \n- KVM: x86: emulator: update the emulation mode after rsm (Maxim Levitsky) \n- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) \n- KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) \n- KVM: arm64: Fix bad dereference on MTE-enabled systems (Ryan Roberts) \n- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (Emanuele Giuseppe Esposito) \n- KVM: x86: Mask off reserved bits in CPUID.8000001FH (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.80000001H (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.8000001AH (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.80000006H (Jim Mattson) \n- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (Jiri Olsa) \n- ext4: fix BUG_ON() when directory entry has invalid rec_len (Luis Henriques) \n- ext4: fix warning in 'ext4_da_release_space' (Ye Bin) \n- parisc: Avoid printing the hardware path twice (Helge Deller) \n- parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) \n- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) \n- perf/x86/intel: Fix pebs event constraints for SPR (Kan Liang) \n- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (Kan Liang) \n- perf/x86/intel: Fix pebs event constraints for ICL (Kan Liang) \n- arm64: entry: avoid kprobe recursion (Mark Rutland) \n- efi: random: Use 'ACPI reclaim' memory for random seed (Ard Biesheuvel) \n- efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) \n- fuse: add file_modified() to fallocate (Miklos Szeredi) \n- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) \n- tracing/histogram: Update document for KEYS_MAX size (Zheng Yejian) \n- tools/nolibc/string: Fix memcmp() implementation (Rasmus Villemoes) \n- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (Steven Rostedt (Google)) \n- kprobe: reverse kp->flags when arm_kprobe failed (Li Qiang) \n- tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (Shang XiaoJing) \n- tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) \n- ftrace: Fix use-after-free for dynamic ftrace_ops (Li Huafei) \n- btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) \n- btrfs: fix tree mod log mishandling of reallocated nodes (Josef Bacik) \n- btrfs: fix lost file sync on direct IO write with nowait and dsync iocb (Filipe Manana) \n- fscrypt: fix keyring memory leak on mount failure (Eric Biggers) \n- fscrypt: stop using keyrings subsystem for fscrypt_master_key (Eric Biggers) \n- af_unix: Fix memory leaks of the whole sk due to OOB skb. (Kuniyuki Iwashima) \n- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) \n- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895}\n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896}\n- i2c: piix4: Fix adapter not be removed in piix4_remove() (Chen Zhongjin) \n- arm64: dts: juno: Add thermal critical trip points (Cristian Marussi) \n- firmware: arm_scmi: Fix devres allocation device in virtio transport (Cristian Marussi) \n- firmware: arm_scmi: Make Rx chan_setup fail on memory errors (Cristian Marussi) \n- firmware: arm_scmi: Suppress the driver's bind attributes (Cristian Marussi) \n- block: Fix possible memory leak for rq_wb on add_disk failure (Chen Zhongjin) \n- arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (Ioana Ciornei) \n- arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) \n- arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) \n- arm64: dts: imx8: correct clock order (Peng Fan) \n- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (Tim Harvey) \n- clk: qcom: Update the force mem core bit for GPU clocks (Taniya Das) \n- efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar) \n- i2c: xiic: Add platform module alias (Martin Tuma) \n- drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (Danijel Slivka) \n- HID: saitek: add madcatz variant of MMO7 mouse device ID (Samuel Bailey) \n- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) \n- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (Ashish Kalra) \n- media: v4l: subdev: Fail graciously when getting try data for NULL state (Sakari Ailus) \n- media: meson: vdec: fix possible refcount leak in vdec_probe() (Hangyu Hua) \n- media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) \n- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- media: rkisp1: Zero v4l2_subdev_format fields in when validating links (Laurent Pinchart) \n- media: rkisp1: Use correct macro for gradient registers (Laurent Pinchart) \n- media: rkisp1: Initialize color space on resizer sink and source pads (Laurent Pinchart) \n- media: rkisp1: Don't pass the quantization to rkisp1_csm_config() (Laurent Pinchart) \n- s390/cio: fix out-of-bounds access on cio_ignore free (Peter Oberparleiter) \n- s390/cio: derive cdev information only for IO-subchannels (Vineeth Vijayan) \n- s390/boot: add secure boot trailer (Peter Oberparleiter) \n- s390/uaccess: add missing EX_TABLE entries to __clear_user() (Heiko Carstens) \n- mtd: parsers: bcm47xxpart: Fix halfblock reads (Linus Walleij) \n- mtd: parsers: bcm47xxpart: print correct offset on read error (Rafal Milecki) \n- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (Helge Deller) \n- video/fbdev/stifb: Implement the stifb_fillrect() function (Helge Deller) \n- drm/msm/hdmi: fix IRQ lifetime (Johan Hovold) \n- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (Daniel Thompson) \n- vsock: fix possible infinite sleep in vsock_connectible_wait_data() (Dexuan Cui) \n- ipv6: fix WARNING in ip6_route_net_exit_late() (Zhengchao Shao) \n- net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) \n- net/smc: Fix possible leaked pernet namespace in smc_init() (Chen Zhongjin) \n- stmmac: dwmac-loongson: fix invalid mdio_node (Liu Peibao) \n- ibmvnic: Free rwi on reset success (Nick Child) \n- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) \n- Bluetooth: L2CAP: Fix memory leak in vhci_write (Hawkins Jiawei) \n- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) \n- Bluetooth: virtio_bt: Use skb_put to set length (Soenke Huster) \n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) \n- netfilter: ipset: enforce documented limit to prevent allocating huge memory (Jozsef Kadlecsik) \n- btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at find_parent_nodes() (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) \n- isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) \n- mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) \n- rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) \n- ipvs: fix WARNING in ip_vs_app_net_cleanup() (Zhengchao Shao) \n- ipvs: fix WARNING in __ip_vs_cleanup_batch() (Zhengchao Shao) \n- ipvs: use explicitly signed chars (Jason A. Donenfeld) \n- netfilter: nf_tables: release flow rule object from commit path (Pablo Neira Ayuso) \n- netfilter: nf_tables: netlink notifier might race to release objects (Pablo Neira Ayuso) \n- net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) \n- net: sched: Fix use after free in red_enqueue() (Dan Carpenter) \n- ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) \n- net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) \n- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) \n- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) \n- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (Shang XiaoJing) \n- nfc: fdp: Fix potential memory leak in fdp_nci_send() (Shang XiaoJing) \n- net: dsa: fall back to default tagger if we can't load the one from DT (Vladimir Oltean) \n- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (Dan Carpenter) \n- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (Chen Zhongjin) \n- net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) \n- nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) \n- NFSv4.2: Fixup CLONE dest file size for zero-length count (Benjamin Coddington) \n- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (Zhang Xiaoxu) \n- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) \n- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust) \n- NFSv4: Fix a potential state reclaim deadlock (Trond Myklebust) \n- RDMA/hns: Disable local invalidate operation (Yangyang Li) \n- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (Wenpeng Liang) \n- RDMA/hns: Remove magic number (Xinhao Liu) \n- IB/hfi1: Correctly move list in sc_disable() (Dean Luick) \n- KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (Alexander Graf) \n- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (Alexander Graf) \n- KVM: x86: Protect the unused bits in MSR exiting flags (Aaron Lewis) \n- HID: playstation: add initial DualSense Edge controller support (Roderick Colenbrander) \n- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (Baolin Wang) \n- drm/amd/display: explicitly disable psr_feature_enable appropriately (Shirish S) \n- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (Sean Christopherson) \n- serial: ar933x: Deassert Transmit Enable on ->rs485_config() (Lukas Wunner) \n- scsi: lpfc: Rework MIB Rx Monitor debug info logic (James Smart) \n- scsi: lpfc: Adjust CMF total bytes and rxmonitor (James Smart) \n- scsi: lpfc: Adjust bytes received vales during cmf timer interval (James Smart) \n- LTS version: v5.15.77 (Jack Vogel) \n- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) \n- serial: Deassert Transmit Enable on probe in driver-specific way (Lukas Wunner) \n- serial: core: move RS485 configuration tasks from drivers into core (Lino Sanfilippo) \n- can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (Biju Das) \n- can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L (Biju Das) \n- scsi: sd: Revert 'scsi: sd: Remove a local variable' (Yu Kuai) \n- arm64: Add AMPERE1 to the Spectre-BHB affected list (D Scott Phillips) \n- net: enetc: survive memory pressure without crashing (Vladimir Oltean) \n- kcm: do not sense pfmemalloc status in kcm_sendpage() (Eric Dumazet) \n- net: do not sense pfmemalloc status in skb_append_pagefrags() (Eric Dumazet) \n- net/mlx5: Fix crash during sync firmware reset (Suresh Devarakonda) \n- net/mlx5: Update fw fatal reporter state on PCI handlers successful recover (Roy Novich) \n- net/mlx5: Print more info on pci error handlers (Saeed Mahameed) \n- net/mlx5: Fix possible use-after-free in async command interface (Tariq Toukan) \n- net/mlx5e: Extend SKB room check to include PTP-SQ (Aya Levin) \n- net/mlx5e: Do not increment ESN when updating IPsec ESN state (Hyong Youb Kim) \n- netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed (Zhengchao Shao) \n- net: broadcom: bcm4908_enet: update TX stats after actual transmission (Rafal Milecki) \n- net: broadcom: bcm4908enet: remove redundant variable bytes (Colin Ian King) \n- nh: fix scope used to find saddr when adding non gw nh (Nicolas Dichtel) \n- net: bcmsysport: Indicate MAC is in charge of PHY PM (Florian Fainelli) \n- net: ehea: fix possible memory leak in ehea_register_port() (Yang Yingliang) \n- openvswitch: switch from WARN to pr_warn (Aaron Conole) \n- ALSA: aoa: Fix I2S device accounting (Takashi Iwai) \n- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (Yang Yingliang) \n- net: ethernet: ave: Fix MAC to be in charge of PHY PM (Kunihiko Hayashi) \n- net: fec: limit register access on i.MX6UL (Juergen Borleis) \n- perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics (Shang XiaoJing) \n- PM: domains: Fix handling of unavailable/disabled idle states (Sudeep Holla) \n- net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (Yang Yingliang) \n- i40e: Fix flow-type by setting GL_HASH_INSET registers (Slawomir Laba) \n- i40e: Fix VF hang when reset is triggered on another VF (Sylwester Dziedziuch) \n- i40e: Fix ethtool rx-flow-hash setting for X722 (Slawomir Laba) \n- ipv6: ensure sane device mtu in tunnels (Eric Dumazet) \n- perf vendor events power10: Fix hv-24x7 metric events (Kajol Jain) \n- media: vivid: set num_in/outputs to 0 if not supported (Hans Verkuil) \n- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (Hans Verkuil) \n- media: v4l2-dv-timings: add sanity checks for blanking values (Hans Verkuil) \n- media: vivid: dev->bitmap_cap wasn't freed in all cases (Hans Verkuil) \n- media: vivid: s_fbuf: add more sanity checks (Hans Verkuil) \n- PM: hibernate: Allow hybrid sleep to work with s2idle (Mario Limonciello) \n- can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (Dongliang Mu) \n- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (Dongliang Mu) \n- drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (Rafael Mendonca) \n- net-memcg: avoid stalls when under memory pressure (Jakub Kicinski) \n- tcp: fix indefinite deferral of RTO with SACK reneging (Neal Cardwell) \n- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei) \n- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet) \n- net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (Zhang Changzhong) \n- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (Zhengchao Shao) \n- kcm: annotate data-races around kcm->rx_wait (Eric Dumazet) \n- kcm: annotate data-races around kcm->rx_psock (Eric Dumazet) \n- atlantic: fix deadlock at aq_nic_stop (Inigo Huguet) \n- drm/i915/dp: Reset frl trained flag before restarting FRL training (Ankit Nautiyal) \n- amd-xgbe: add the bit rate quirk for Molex cables (Raju Rangoju) \n- amd-xgbe: fix the SFP compliance codes check for DAC cables (Raju Rangoju) \n- x86/unwind/orc: Fix unreliable stack dump with gcov (Chen Zhongjin) \n- nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() (Shang XiaoJing) \n- net: macb: Specify PHY PM management done by MAC (Sergiu Moga) \n- net: hinic: fix the issue of double release MBOX callback of VF (Zhengchao Shao) \n- net: hinic: fix the issue of CMDQ memory leaks (Zhengchao Shao) \n- net: hinic: fix memory leak when reading function table (Zhengchao Shao) \n- net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() (Zhengchao Shao) \n- net: netsec: fix error handling in netsec_register_mdio() (Yang Yingliang) \n- tipc: fix a null-ptr-deref in tipc_topsrv_accept (Xin Long) \n- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (Maxim Levitsky) \n- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (Yang Yingliang) \n- ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (Srinivasa Rao Mandadapu) \n- mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() (Yang Yingliang) \n- arc: iounmap() arg is volatile (Randy Dunlap) \n- sched/core: Fix comparison in sched_group_cookie_match() (Lin Shengwang) \n- perf: Fix missing SIGTRAPs (Peter Zijlstra) \n- ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (Srinivasa Rao Mandadapu) \n- KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test (Gavin Shan) \n- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (Nathan Huckleberry) \n- media: atomisp: prevent integer overflow in sh_css_set_black_frame() (Dan Carpenter) \n- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (Alexander Stein) \n- net: ieee802154: fix error return code in dgram_bind() (Wei Yongjun) \n- ethtool: eeprom: fix null-deref on genl_info in dump (Xin Long) \n- mmc: block: Remove error check of hw_reset on reset (Christian Lohle) \n- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (Heiko Carstens) \n- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (Heiko Carstens) \n- perf auxtrace: Fix address filter symbol name match for modules (Adrian Hunter) \n- ARC: mm: fix leakage of memory allocated for PTE (Pavel Kozlov) \n- pinctrl: Ingenic: JZ4755 bug fixes (Siarhei Volkau) \n- kernfs: fix use-after-free in __kernfs_remove (Christian A. Ehrhardt) \n- counter: microchip-tcb-capture: Handle Signal1 read and Synapse (William Breathitt Gray) \n- mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (Sascha Hauer) \n- mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (Patrick Thompson) \n- mmc: core: Fix kernel panic when remove non-standard SDIO card (Matthew Ma) \n- mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (Brian Norris) \n- coresight: cti: Fix hang in cti_disable_hw() (James Clark) \n- drm/msm/dp: fix IRQ lifetime (Johan Hovold) \n- drm/msm/hdmi: fix memory corruption with too many bridges (Johan Hovold) \n- drm/msm/dsi: fix memory corruption with too many bridges (Johan Hovold) \n- drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume (Prike Liang) \n- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (Manish Rangankar) \n- mac802154: Fix LQI recording (Miquel Raynal) \n- exec: Copy oldsighand->action under spin-lock (Bernd Edlinger) \n- fs/binfmt_elf: Fix memory leak in load_elf_binary() (Li Zetao) \n- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (Rafael J. Wysocki) \n- cpufreq: intel_pstate: Read all MSRs on the target CPU (Rafael J. Wysocki) \n- fbdev: smscufx: Fix several use-after-free bugs (Hyunwoo Kim) \n- iio: adxl372: Fix unsafe buffer attributes (Matti Vaittinen) \n- iio: temperature: ltc2983: allocate iio channels once (Cosmin Tanislav) \n- iio: light: tsl2583: Fix module unloading (Shreeya Patel) \n- tools: iio: iio_utils: fix digit calculation (Matti Vaittinen) \n- xhci: Remove device endpoints from bandwidth list when freeing the device (Mathias Nyman) \n- xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (Mario Limonciello) \n- xhci: Add quirk to reset host back to default state at shutdown (Mathias Nyman) \n- mtd: rawnand: marvell: Use correct logic for nand-keep-config (Tony O'Brien) \n- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (Jens Glathe) \n- usb: bdc: change state when port disconnected (Justin Chen) \n- usb: dwc3: gadget: Don't set IMI for no_interrupt (Thinh Nguyen) \n- usb: dwc3: gadget: Stop processing more requests on IMI (Thinh Nguyen) \n- usb: gadget: uvc: fix sg handling during video encode (Jeff Vanhoof) \n- usb: gadget: uvc: fix sg handling in error case (Dan Vacura) \n- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (Hannu Hartikainen) \n- ALSA: rme9652: use explicitly signed char (Jason A. Donenfeld) \n- ALSA: au88x0: use explicitly signed char (Jason A. Donenfeld) \n- ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (Takashi Iwai) \n- ALSA: Use del_timer_sync() before freeing timer (Steven Rostedt (Google)) \n- can: kvaser_usb: Fix possible completions during init_completion (Anssi Hannula) \n- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (Yang Yingliang) \n- NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (Scott Mayhew) \n- NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) \n- rds: ib: Enable FC by default (Hakon Bugge) [Orabug: 33930793] \n- Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34719459] \n- nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34719459] \n- nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34719459] \n- nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34719459] \n- nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34719459] \n- hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34772616] \n- mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34772616] \n- mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 34772616] \n- mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34772616] \n- net/rds: Quiesce heartbeat worker in rds_conn_path_destroy() (Sharath Srinivasan) [Orabug: 34815818] \n- net/rds: Add support for tracing RDS heartbeats (Sharath Srinivasan) [Orabug: 34815818] \n- net/rds: Enable RDS heartbeat by default (Sharath Srinivasan) [Orabug: 34815818] \n- uek-rpm: core.list: add VirtualBox guest drivers to core package (Todd Vierling) [Orabug: 34820755] \n- tools/power turbostat: fix SPR PC6 limits (Artem Bityutskiy) [Orabug: 34838996] \n- tools/power turbostat: separate SPR from ICX (Artem Bityutskiy) [Orabug: 34838996] \n- rds: ib: Fix incorrect error handling during QP creation (Hakon Bugge) [Orabug: 34857202] \n- Revert 'random: clear fast pool, crng, and batches in cpuhp bring up' (Somasundaram Krishnasamy) [Orabug: 34850847] ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378"], "modified": "2023-01-12T00:00:00", "id": "ELSA-2023-12018", "href": "http://linux.oracle.com/errata/ELSA-2023-12018.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:52", "description": "[5.4.17-2136.315.5]\n- Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang)\n [Orabug: 34917369]\n[5.4.17-2136.315.4]\n- net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888473]\n- uek-rpm: Add ptp_kvm.ko to nano rpm (Somasundaram Krishnasamy) [Orabug: 33487655]\n- block: fix RO partition with RW disk (Junxiao Bi) [Orabug: 34807898]\n- rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34829924]\n- scsi: mpi3mr: Enable ' CONFIG_SCSI_SAS_ATTRS ' config option (Rhythm Mahajan) [Orabug: 34774474]\n- scsi: mpi3mr: Remove unnecessary cast (Jules Irenge) [Orabug: 34774474]\n- scsi: mpi3mr: Update driver version to 8.2.0.3.0 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix scheduling while atomic type bug (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Scan the devices during resume time (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Free enclosure objects during driver unload (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Handle 0xF003 Fault Code (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Graceful handling of surprise removal of PCIe HBA (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Support new power management framework (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Update mpi3 header files (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix error code in mpi3mr_transport_smp_handler() (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Fix error codes in mpi3mr_report_manufacture() (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Block I/Os while refreshing target dev objects (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Refresh SAS ports during soft reset (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Support SAS transport class callbacks (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add framework to issue MPT transport cmds (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add SAS SATA end devices to STL (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Get target object based on rphy (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Add expander devices to STL (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Enable STL on HBAs where multipath is disabled (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add helper functions to manage device's port (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add helper functions to retrieve device objects (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add framework to add phys to STL (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Enable Enclosure device add event (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add helper functions to retrieve config pages (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add framework to issue config requests (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add config and transport related debug flags (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Delete a stray tab (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Unlock on error path (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Reduce VD queue depth on detecting throttling (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Resource Based Metering (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix kernel-doc (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add target device related sysfs (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add shost related sysfs attributes (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Return error if dma_alloc_coherent() fails (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Fix a NULL vs IS_ERR() bug in mpi3mr_bsg_init() (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Return I/Os to an unrecoverable HBA with DID_ERROR (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Hidden drives not removed during soft reset (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Increase I/O timeout value to 60s (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Update driver version to 8.0.0.69.0 (Sumit Saxena) [Orabug: 34774474]\n- scsi: mpi3mr: Add support for NVMe passthrough (Sumit Saxena) [Orabug: 34774474]\n- scsi: mpi3mr: Expose adapter state to sysfs (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add support for PEL commands (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add support for MPT commands (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Move data structures/definitions from MPI headers to uapi header (Sumit Saxena) [Orabug: 34774474]\n- scsi: mpi3mr: Add support for driver commands (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Add bsg device support (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Bump driver version to 8.0.0.68.0 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Update the copyright year (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix cmnd getting marked as in use forever (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix hibernation issue (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Update MPI3 headers (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix printing of pending I/O count (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix deadlock while canceling the fw event (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix formatting problems in some kernel-doc comments (Yang Li) [Orabug: 34774474]\n- scsi: mpi3mr: Fix some spelling mistakes (Colin Ian King) [Orabug: 34774474]\n- scsi: mpi3mr: Bump driver version to 8.0.0.61.0 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Enhanced Task Management Support Reply handling (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Use TM response codes from MPI3 headers (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Print cable mngnt and temp threshold events (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Support Prepare for Reset event (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Add Event acknowledgment logic (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Gracefully handle online FW update operation (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Detect async reset that occurred in firmware (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Add IOC reinit function (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Handle offline FW activation in graceful manner (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Code refactor of IOC init - part2 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Code refactor of IOC init - part1 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fault IOC when internal command gets timeout (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Display IOC firmware package version (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Handle unaligned PLL in unmap cmnds (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Increase internal cmnds timeout to 60s (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Do access status validation before adding devices (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Add support for PCIe Managed Switch SES device (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Update MPI3 headers - part2 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Update MPI3 headers - part1 (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Don't reset IOC if cmnds flush with reset status (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Add debug APIs based on logging_level bits (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Use scnprintf() instead of snprintf() (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Clean up mpi3mr_print_ioc_info() (Dan Carpenter) [Orabug: 34774474]\n- scsi: mpi3mr: Fix memory leaks (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix reporting of actual data transfer size (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fixes around reply request queues (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (Sreekanth Reddy) [Orabug: 34774474]\n- scsi: mpi3mr: Set up IRQs in resume path (Kashyap Desai) [Orabug: 34774474]\n- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (Chandrakanth patil) [Orabug: 34774474]\n- scsi: mpi3mr: Fix W=1 compilation warnings (Sreekanth Reddy) [Orabug: 34774474]\n- net/mlx5e: Fix division by 0 in mlx5e_select_queue for representors (Maxim Mikityanskiy) [Orabug: 34898148]\n- net/mlx5e: Abstract MQPRIO params (Tariq Toukan) [Orabug: 34898148]\n- proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882779] {CVE-2022-4378}\n- proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882779] {CVE-2022-4378}\n[5.4.17-2136.315.3]\n- pensando: kpcimgr: extend API to allow sysfs commands (Rob Gardner) [Orabug: 34676926]\n- hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34772617]\n- mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34772617]\n- mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34772617]\n- rds: ib: Fix incorrect error handling during QP creation (Hakon Bugge) [Orabug: 34849243]\n- Arm64: Pensando: Add support for tps53659 voltage regulator (Austin Sehnert) [Orabug: 34868906]\n- hwmon: (pmbus/core) Add support for vid mode detection per page bases (Vadim Pasternak) [Orabug: 34868906]\n- Arm64: Pensando: Enable ltc2978 driver for Ortano ADI cards (Austin Sehnert) [Orabug: 34873762]\n[5.4.17-2136.315.2]\n- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) \n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) \n- x86/entry: Remove skip_r11rcx (Peter Zijlstra) \n- mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) \n- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (Zhang Qilong) \n- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (Zhang Qilong) \n- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (Zhang Qilong) \n- LTS tag: v5.4.224 (Sherry Yang) \n- ipc: remove memcg accounting for sops objects in do_semtimedop() (Vasily Averin) \n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) {CVE-2022-3628}\n- drm/i915/sdvo: Setup DDC fully before output init (Ville Syrjala) \n- drm/i915/sdvo: Filter out invalid outputs more sensibly (Ville Syrjala) \n- drm/rockchip: dsi: Force synchronous probe (Brian Norris) \n- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (Sascha Hauer) \n- KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) \n- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) \n- KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) \n- KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.8000001AH (Jim Mattson) \n- ext4: fix BUG_ON() when directory entry has invalid rec_len (Luis Henriques) \n- ext4: fix warning in 'ext4_da_release_space' (Ye Bin) \n- parisc: Avoid printing the hardware path twice (Helge Deller) \n- parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) \n- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) \n- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) \n- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (Kan Liang) \n- perf/x86/intel: Fix pebs event constraints for ICL (Kan Liang) \n- efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) \n- fuse: add file_modified() to fallocate (Miklos Szeredi) \n- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) \n- tracing/histogram: Update document for KEYS_MAX size (Zheng Yejian) \n- tools/nolibc/string: Fix memcmp() implementation (Rasmus Villemoes) \n- kprobe: reverse kp->flags when arm_kprobe failed (Li Qiang) \n- tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) \n- btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) \n- binder: fix UAF of alloc->vma in race with munmap() (Carlos Llamas) \n- memcg: enable accounting of ipc resources (Vasily Averin) \n- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) \n- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) \n- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895}\n- xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster() (Chuhong Yuan) \n- xfs: group quota should return EDQUOT when prj quota enabled (Eric Sandeen) \n- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (Dave Chinner) \n- xfs: use ordered buffers to initialize dquot buffers during quotacheck (Darrick J. Wong) \n- xfs: don't fail verifier on empty attr3 leaf block (Brian Foster) \n- i2c: xiic: Add platform module alias (Martin Tuma) \n- HID: saitek: add madcatz variant of MMO7 mouse device ID (Samuel Bailey) \n- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) \n- media: meson: vdec: fix possible refcount leak in vdec_probe() (Hangyu Hua) \n- media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) \n- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- ipv6: fix WARNING in ip6_route_net_exit_late() (Zhengchao Shao) \n- net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) \n- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) \n- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) \n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) \n- btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at find_parent_nodes() (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) \n- isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) \n- mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) \n- rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) \n- ipvs: fix WARNING in ip_vs_app_net_cleanup() (Zhengchao Shao) \n- ipvs: fix WARNING in __ip_vs_cleanup_batch() (Zhengchao Shao) \n- ipvs: use explicitly signed chars (Jason A. Donenfeld) \n- netfilter: nf_tables: release flow rule object from commit path (Pablo Neira Ayuso) \n- net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) \n- net: sched: Fix use after free in red_enqueue() (Dan Carpenter) \n- ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) \n- net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) \n- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) \n- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) \n- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (Dan Carpenter) \n- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (Chen Zhongjin) \n- net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) \n- nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) \n- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) \n- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust) \n- IB/hfi1: Correctly move list in sc_disable() (Dean Luick) \n- LTS tag: v5.4.223 (Sherry Yang) \n- can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (Biju Das) \n- net: enetc: survive memory pressure without crashing (Vladimir Oltean) \n- net/mlx5: Fix possible use-after-free in async command interface (Tariq Toukan) \n- net/mlx5e: Do not increment ESN when updating IPsec ESN state (Hyong Youb Kim) \n- nh: fix scope used to find saddr when adding non gw nh (Nicolas Dichtel) \n- net: ehea: fix possible memory leak in ehea_register_port() (Yang Yingliang) \n- openvswitch: switch from WARN to pr_warn (Aaron Conole) \n- ALSA: aoa: Fix I2S device accounting (Takashi Iwai) \n- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (Yang Yingliang) \n- PM: domains: Fix handling of unavailable/disabled idle states (Sudeep Holla) \n- net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (Yang Yingliang) \n- i40e: Fix flow-type by setting GL_HASH_INSET registers (Slawomir Laba) \n- i40e: Fix VF hang when reset is triggered on another VF (Sylwester Dziedziuch) \n- i40e: Fix ethtool rx-flow-hash setting for X722 (Slawomir Laba) \n- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (Hans Verkuil) \n- media: v4l2-dv-timings: add sanity checks for blanking values (Hans Verkuil) \n- media: vivid: dev->bitmap_cap wasn't freed in all cases (Hans Verkuil) \n- media: vivid: s_fbuf: add more sanity checks (Hans Verkuil) \n- PM: hibernate: Allow hybrid sleep to work with s2idle (Mario Limonciello) \n- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (Dongliang Mu) \n- tcp: fix indefinite deferral of RTO with SACK reneging (Neal Cardwell) \n- net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (Zhang Changzhong) \n- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (Zhengchao Shao) \n- kcm: annotate data-races around kcm->rx_wait (Eric Dumazet) \n- kcm: annotate data-races around kcm->rx_psock (Eric Dumazet) \n- amd-xgbe: add the bit rate quirk for Molex cables (Raju Rangoju) \n- amd-xgbe: fix the SFP compliance codes check for DAC cables (Raju Rangoju) \n- x86/unwind/orc: Fix unreliable stack dump with gcov (Chen Zhongjin) \n- net: netsec: fix error handling in netsec_register_mdio() (Yang Yingliang) \n- tipc: fix a null-ptr-deref in tipc_topsrv_accept (Xin Long) \n- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (Yang Yingliang) \n- arc: iounmap() arg is volatile (Randy Dunlap) \n- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (Nathan Huckleberry) \n- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (Alexander Stein) \n- net: ieee802154: fix error return code in dgram_bind() (Wei Yongjun) \n- mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (Rik van Riel) \n- cgroup-v1: add disabled controller check in cgroup1_parse_param() (Chen Zhou) \n- xen/gntdev: Prevent leaking grants (M. Vefa Bicakci) \n- Xen/gntdev: don't ignore kernel unmapping error (Jan Beulich) \n- xfs: force the log after remapping a synchronous-writes file (Chandan Babu R) \n- xfs: clear XFS_DQ_FREEING if we can't lock the dquot buffer to flush (Chandan Babu R) \n- xfs: finish dfops on every insert range shift iteration (Chandan Babu R) \n- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (Heiko Carstens) \n- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (Heiko Carstens) \n- perf auxtrace: Fix address filter symbol name match for modules (Adrian Hunter) \n- kernfs: fix use-after-free in __kernfs_remove (Christian A. Ehrhardt) \n- mmc: core: Fix kernel panic when remove non-standard SDIO card (Matthew Ma) \n- drm/msm/hdmi: fix memory corruption with too many bridges (Johan Hovold) \n- drm/msm/dsi: fix memory corruption with too many bridges (Johan Hovold) \n- mac802154: Fix LQI recording (Miquel Raynal) \n- fbdev: smscufx: Fix several use-after-free bugs (Hyunwoo Kim) \n- iio: light: tsl2583: Fix module unloading (Shreeya Patel) \n- tools: iio: iio_utils: fix digit calculation (Matti Vaittinen) \n- xhci: Remove device endpoints from bandwidth list when freeing the device (Mathias Nyman) \n- mtd: rawnand: marvell: Use correct logic for nand-keep-config (Tony O'Brien) \n- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (Jens Glathe) \n- usb: bdc: change state when port disconnected (Justin Chen) \n- usb: dwc3: gadget: Don't set IMI for no_interrupt (Thinh Nguyen) \n- usb: dwc3: gadget: Stop processing more requests on IMI (Thinh Nguyen) \n- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (Hannu Hartikainen) \n- ALSA: au88x0: use explicitly signed char (Jason A. Donenfeld) \n- ALSA: Use del_timer_sync() before freeing timer (Steven Rostedt (Google)) \n- can: kvaser_usb: Fix possible completions during init_completion (Anssi Hannula) \n- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (Yang Yingliang) \n- LTS tag: v5.4.222 (Sherry Yang) \n- once: fix section mismatch on clang builds (Greg Kroah-Hartman) \n- LTS tag: v5.4.221 (Sherry Yang) \n- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (Seth Jenkins) \n- hv_netvsc: Fix race between VF offering and VF association message from host (Gaurav Kohli) \n- Makefile.debug: re-enable debug info for .S files (Nick Desaulniers) \n- ACPI: video: Force backlight native for more TongFang devices (Werner Sembach) \n- riscv: topology: fix default topology reporting (Conor Dooley) \n- arm64: topology: move store_cpu_topology() to shared code (Conor Dooley) \n- iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) \n- net: hns: fix possible memory leak in hnae_ae_register() (Yang Yingliang) \n- net: sched: cake: fix null pointer access issue when cake_init() fails (Zhengchao Shao) \n- net: phy: dp83867: Extend RX strap quirk for SGMII mode (Harini Katakam) \n- net/atm: fix proc_mpc_write incorrect return value (Xiaobo Liu) \n- HID: magicmouse: Do not set BTN_MOUSE on double report (Jose Exposito) \n- tipc: fix an information leak in tipc_topsrv_kern_subscr (Alexander Potapenko) \n- tipc: Fix recognition of trial period (Mark Tomlinson) \n- ACPI: extlog: Handle multiple records (Tony Luck) \n- btrfs: fix processing of delayed tree block refs during backref walking (Filipe Manana) \n- btrfs: fix processing of delayed data refs during backref walking (Filipe Manana) \n- r8152: add PID for the Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) \n- arm64: errata: Remove AES hwcap for COMPAT tasks (James Morse) \n- media: venus: dec: Handle the case where find_format fails (Bryan O'Donoghue) \n- KVM: arm64: vgic: Fix exit condition in scan_its_table() (Eric Ren) \n- ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (Kai-Heng Feng) \n- ata: ahci-imx: Fix MODULE_ALIAS (Alexander Stein) \n- hwmon/coretemp: Handle large core ID value (Zhang Rui) \n- ocfs2: fix BUG when iput after ocfs2_mknod fails (Joseph Qi) \n- ocfs2: clear dinode links count in case of error (Joseph Qi) \n- xfs: fix use-after-free on CIL context on shutdown (Dave Chinner) \n- xfs: reflink should force the log out if mounted with wsync (Christoph Hellwig) \n- xfs: factor out a new xfs_log_force_inode helper (Christoph Hellwig) \n- xfs: trylock underlying buffer on dquot flush (Brian Foster) \n- xfs: don't write a corrupt unmount record to force summary counter recalc (Darrick J. Wong) \n- xfs: tail updates only need to occur when LSN changes (Dave Chinner) \n- xfs: factor common AIL item deletion code (Dave Chinner) \n- xfs: preserve default grace interval during quotacheck (Darrick J. Wong) \n- xfs: fix unmount hang and memory leak on shutdown during quotaoff (Brian Foster) \n- xfs: factor out quotaoff intent AIL removal and memory free (Brian Foster) \n- xfs: Replace function declaration by actual definition (Pavel Reichl) \n- xfs: remove the xfs_qoff_logitem_t typedef (Pavel Reichl) \n- xfs: remove the xfs_dq_logitem_t typedef (Pavel Reichl) \n- xfs: remove the xfs_disk_dquot_t and xfs_dquot_t (Pavel Reichl) \n- xfs: check owner of dir3 blocks (Darrick J. Wong) \n- xfs: check owner of dir3 data blocks (Darrick J. Wong) \n- xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails (Darrick J. Wong) \n- xfs: xfs_buf_corruption_error should take __this_address (Darrick J. Wong) \n- xfs: add a function to deal with corrupt buffers post-verifiers (Darrick J. Wong) \n- xfs: rework collapse range into an atomic operation (Brian Foster) \n- xfs: rework insert range into an atomic operation (Brian Foster) \n- xfs: open code insert range extent split helper (Brian Foster) \n- LTS tag: v5.4.220 (Sherry Yang) \n- thermal: intel_powerclamp: Use first online CPU as control_cpu (Rafael J. Wysocki) \n- inet: fully convert sk->sk_rx_dst to RCU rules (Eric Dumazet) \n- efi: libstub: drop pointless get_memory_map() call (Ard Biesheuvel) \n- md: Replace snprintf with scnprintf (Saurabh Sengar) \n- ext4: continue to expand file system when the target size doesn't reach (Jerry Lee ) \n- net/ieee802154: don't warn zero-sized raw_sendmsg() (Tetsuo Handa) \n- Revert 'net/ieee802154: reject zero-sized raw_sendmsg()' (Alexander Aring) \n- perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (Adrian Hunter) \n- clk: bcm2835: Make peripheral PLLC critical (Maxime Ripard) \n- usb: idmouse: fix an uninit-value in idmouse_open (Dongliang Mu) \n- nvmet-tcp: add bounds check on Transfer Tag (Varun Prakash) \n- nvme: copy firmware_rev on each init (Keith Busch) \n- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (Xiaoke Wang) \n- Revert 'usb: storage: Add quirk for Samsung Fit flash' (sunghwan jung) \n- usb: musb: Fix musb_gadget.c rxstate overflow bug (Robin Guo) \n- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (Jianglei Nie) \n- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (Logan Gunthorpe) \n- HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) \n- bcache: fix set_at_max_writeback_rate() for multiple attached devices (Coly Li) \n- ata: libahci_platform: Sanity check the DT child nodes number (Serge Semin) \n- staging: vt6655: fix potential memory leak (Nam Cao) \n- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (Wei Yongjun) \n- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (Shigeru Yoshida) \n- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (Letu Ren) \n- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (Quanyang Wang) \n- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (Zheyu Ma) \n- clk: zynqmp: Fix stack-out-of-bounds in strncpy (Ian Nam) \n- btrfs: scrub: try to fix super block errors (Qu Wenruo) \n- ARM: dts: imx6sx: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6sll: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6sl: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6qp: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6dl: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6q: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (Haibo Chen) \n- mmc: sdhci-msm: add compatible string check for sdm670 (Richard Acayan) \n- drm/amdgpu: fix initial connector audio value (hongao) \n- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (Hans de Goede) \n- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (Maya Matuszczyk) \n- drm/vc4: vec: Fix timings for VEC modes (Mateusz Kwiatkowski) \n- drm/amd/display: fix overflow on MIN_I64 definition (David Gow) \n- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (Javier Martinez Canillas) \n- drm: Use size_t type for len variable in drm_copy_field() (Javier Martinez Canillas) \n- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (Jianglei Nie) \n- r8152: Rate limit overflow messages (Andrew Gaul) \n- Bluetooth: L2CAP: Fix user-after-free (Luiz Augusto von Dentz) \n- net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (Liu Jian) \n- wifi: rt2x00: correctly set BBP register 86 for MT7620 (Daniel Golle) \n- wifi: rt2x00: set SoC wmac clock register (Daniel Golle) \n- wifi: rt2x00: set VGC gain for both chains of MT7620 (Daniel Golle) \n- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (Daniel Golle) \n- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (Daniel Golle) \n- can: bcm: check the result of can_send() in bcm_can_tx() (Ziyang Xuan) \n- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (Luiz Augusto von Dentz) \n- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (Tetsuo Handa) \n- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (Alexander Coffin) \n- xfrm: Update ipcomp_scratches with NULL when freed (Khalid Masum) \n- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (Tetsuo Handa) \n- tcp: annotate data-race around tcp_md5sig_pool_populated (Eric Dumazet) \n- openvswitch: Fix overreporting of drops in dropwatch (Mike Pattrick) \n- openvswitch: Fix double reporting of drops in dropwatch (Mike Pattrick) \n- bpftool: Clear errno after libcap's checks (Quentin Monnet) \n- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (Wright Feng) \n- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (Anna Schumaker) \n- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (Srinivas Pandruvada) \n- powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (Chao Qin) \n- MIPS: BCM47XX: Cast memcmp() of function to (void *) (Kees Cook) \n- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (Arvid Norlander) \n- f2fs: fix race condition on setting FI_NO_EXTENT flag (Zhang Qilong) \n- crypto: cavium - prevent integer overflow loading firmware (Dan Carpenter) \n- kbuild: remove the target in signal traps when interrupted (Masahiro Yamada) \n- iommu/iova: Fix module config properly (Robin Murphy) \n- crypto: ccp - Release dma channels before dmaengine unrgister (Koba Ko) \n- crypto: akcipher - default implementation for setting a private key (Ignat Korchagin) \n- iommu/omap: Fix buffer overflow in debugfs (Dan Carpenter) \n- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) \n- powerpc: Fix SPE Power ISA properties for e500v1 platforms (Pali Rohar) \n- powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (Nicholas Piggin) \n- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (Vitaly Kuznetsov) \n- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (Zheng Yongjun) \n- powerpc/pci_dn: Add missing of_node_put() (Liang He) \n- powerpc/sysdev/fsl_msi: Add missing of_node_put() (Liang He) \n- powerpc/math_emu/efp: Include module.h (Nathan Chancellor) \n- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (Jack Wang) \n- clk: ast2600: BCLK comes from EPLL (Joel Stanley) \n- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (Miaoqian Lin) \n- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (Stefan Wahren) \n- spmi: pmic-arb: correct duplicate APID to PPID mapping logic (David Collins) \n- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (Dave Jiang) \n- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (Chen-Yu Tsai) \n- mfd: sm501: Add check for platform_driver_register() (Jiasheng Jiang) \n- mfd: fsl-imx25: Fix check for platform_get_irq() errors (Dan Carpenter) \n- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (Christophe JAILLET) \n- mfd: lp8788: Fix an error handling path in lp8788_probe() (Christophe JAILLET) \n- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (Christophe JAILLET) \n- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (Christophe JAILLET) \n- fsi: core: Check error number after calling ida_simple_get (Jiasheng Jiang) \n- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (Duoming Zhou) \n- serial: 8250: Fix restoring termios speed after suspend (Pali Rohar) \n- firmware: google: Test spinlock on panic path to avoid lockups (Guilherme G. Piccoli) \n- staging: vt6655: fix some erroneous memory clean-up loops (Nam Cao) \n- phy: qualcomm: call clk_disable_unprepare in the error handling (Dongliang Mu) \n- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (Sherry Sun) \n- drivers: serial: jsm: fix some leaks in probe (Dan Carpenter) \n- usb: gadget: function: fix dangling pnp_string in f_printer.c (Albert Briscoe) \n- xhci: Don't show warning for reinit on known broken suspend (Mario Limonciello) \n- md/raid5: Ensure stripe_fill happens on non-read IO with journal (Logan Gunthorpe) \n- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (Dan Carpenter) \n- ata: fix ata_id_has_dipm() (Niklas Cassel) \n- ata: fix ata_id_has_ncq_autosense() (Niklas Cassel) \n- ata: fix ata_id_has_devslp() (Niklas Cassel) \n- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (Niklas Cassel) \n- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (Bernard Metzler) \n- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (William Dean) \n- dyndbg: let query-modname override actual module name (Jim Cromie) \n- dyndbg: fix module.dyndbg handling (Jim Cromie) \n- misc: ocxl: fix possible refcount leak in afu_ioctl() (Hangyu Hua) \n- RDMA/rxe: Fix the error caused by qp->sk (Zhu Yanjun) \n- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (Zhu Yanjun) \n- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (Miaoqian Lin) \n- tty: xilinx_uartps: Fix the ignore_status (Shubhrajyoti Datta) \n- media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (Liang He) \n- HSI: omap_ssi_port: Fix dma_map_sg error check (Jack Wang) \n- HSI: omap_ssi: Fix refcount leak in ssi_probe (Miaoqian Lin) \n- clk: tegra20: Fix refcount leak in tegra20_clock_init (Miaoqian Lin) \n- clk: tegra: Fix refcount leak in tegra114_clock_init (Miaoqian Lin) \n- clk: tegra: Fix refcount leak in tegra210_clock_init (Miaoqian Lin) \n- clk: berlin: Add of_node_put() for of_get_parent() (Liang He) \n- clk: oxnas: Hold reference returned by of_get_parent() (Liang He) \n- clk: meson: Hold reference returned by of_get_parent() (Liang He) \n- iio: ABI: Fix wrong format of differential capacitance channel ABI. (Jonathan Cameron) \n- iio: inkern: only release the device node when done with it (Nuno Sa) \n- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (Claudiu Beznea) \n- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (Claudiu Beznea) \n- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (Claudiu Beznea) \n- ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (Dmitry Torokhov) \n- ARM: Drop CMDLINE_* dependency on ATAGS (Geert Uytterhoeven) \n- ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (Dmitry Torokhov) \n- ARM: dts: kirkwood: lsxl: remove first ethernet port (Michael Walle) \n- ARM: dts: kirkwood: lsxl: fix serial line (Michael Walle) \n- ARM: dts: turris-omnia: Fix mpp26 pin name and comment (Marek Behun) \n- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (Liang He) \n- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (Liang He) \n- memory: of: Fix refcount leak bug in of_get_ddr_timings() (Liang He) \n- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (Liang He) \n- ALSA: hda/hdmi: Don't skip notification handling during PM operation (Takashi Iwai) \n- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (Christophe JAILLET) \n- ALSA: dmaengine: increment buffer pointer atomically (Andreas Pape) \n- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (Dmitry Baryshkov) \n- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (Liang He) \n- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (Christophe JAILLET) \n- drm/omap: dss: Fix refcount leak bugs (Liang He) \n- ASoC: rsnd: Add check for rsnd_mod_power_on (Jiasheng Jiang) \n- drm/bridge: megachips: Fix a null pointer dereference bug (Zheyu Ma) \n- drm: fix drm_mipi_dbi build errors (Randy Dunlap) \n- platform/x86: msi-laptop: Fix resource cleanup (Hans de Goede) \n- platform/x86: msi-laptop: Fix old-ec check for backlight registering (Hans de Goede) \n- platform/chrome: fix memory corruption in ioctl (Dan Carpenter) \n- platform/chrome: fix double-free in chromeos_laptop_prepare() (Rustam Subkhankulov) \n- drm/mipi-dsi: Detach devices when removing the host (Maxime Ripard) \n- drm: bridge: adv7511: fix CEC power down control register offset (Alvin Sipraga) \n- net: mvpp2: fix mvpp2 debugfs leak (Russell King (Oracle)) \n- once: add DO_ONCE_SLOW() for sleepable contexts (Eric Dumazet) \n- bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Jianglei Nie) \n- tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited (Neal Cardwell) \n- sctp: handle the error returned from sctp_auth_asoc_init_active_key (Xin Long) \n- vhost/vsock: Use kvmalloc/kvfree for larger packets. (Junichi Uekawa) \n- spi: s3c64xx: Fix large transfers with DMA (Vincent Whitchurch) \n- netfilter: nft_fib: Fix for rpath check with VRF devices (Phil Sutter) \n- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (Zhang Qilong) \n- x86/microcode/AMD: Track patch allocation size explicitly (Kees Cook) \n- bpf: Ensure correct locking around vulnerable function find_vpid() (Lee Jones) \n- net: fs_enet: Fix wrong check in do_pd_setup (Zheng Yongjun) \n- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (Bitterblue Smith) \n- bpf: btf: fix truncated last_member_type_id in btf_struct_resolve (Lorenz Bauer) \n- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (Bitterblue Smith) \n- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (Xu Qiang) \n- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (Xu Qiang) \n- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (Dan Carpenter) \n- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (Kohei Tarumizu) \n- bpftool: Fix a wrong type cast in btf_dumper_int (Lam Thai) \n- wifi: mac80211: allow bw change during channel switch in mesh (Hari Chandrakanthan) \n- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (Wen Gong) \n- nfsd: Fix a memory leak in an error handling path (Christophe JAILLET) \n- ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (Wang Kefeng) \n- sh: machvec: Use char[] for section boundaries (Kees Cook) \n- userfaultfd: open userfaultfds with O_RDONLY (Ondrej Mosnacek) \n- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (Waiman Long) \n- selinux: use 'grep -E' instead of 'egrep' (Greg Kroah-Hartman) \n- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (Jianglei Nie) \n- gcov: support GCC 12.1 and newer compilers (Martin Liska) \n- KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (Sean Christopherson) \n- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (Sean Christopherson) \n- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (Michal Luczaj) \n- media: cedrus: Set the platform driver data earlier (Dmitry Osipenko) \n- ring-buffer: Fix race between reset page and reading page (Steven Rostedt (Google)) \n- ring-buffer: Check pending waiters when doing wake ups as well (Steven Rostedt (Google)) \n- ring-buffer: Have the shortest_full queue be the shortest not longest (Steven Rostedt (Google)) \n- ring-buffer: Allow splice to read previous partially read pages (Steven Rostedt (Google)) \n- ftrace: Properly unset FTRACE_HASH_FL_MOD (Zheng Yejian) \n- livepatch: fix race between fork and KLP transition (Rik van Riel) \n- ext4: place buffer head allocation before handle start (Jinke Han) \n- ext4: make ext4_lazyinit_thread freezable (Lalith Rajendran) \n- ext4: fix null-ptr-deref in ext4_write_info (Baokun Li) \n- ext4: avoid crash when inline data creation follows DIO write (Jan Kara) \n- jbd2: wake up journal waiters in FIFO order, not LIFO (Andrew Perepechko) \n- nilfs2: fix use-after-free bug of struct nilfs_root (Ryusuke Konishi) \n- f2fs: fix to do sanity check on summary info (Chao Yu) \n- f2fs: fix to do sanity check on destination blkaddr during recovery (Chao Yu) \n- f2fs: increase the limit for reserve_root (Jaegeuk Kim) \n- btrfs: fix race between quota enable and quota rescan ioctl (Filipe Manana) \n- fbdev: smscufx: Fix use-after-free in ufx_ops_open() (Hyunwoo Kim) \n- powerpc/boot: Explicitly disable usage of SPE instructions (Pali Rohar) \n- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (Maciej W. Rozycki) \n- UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) \n- riscv: Pass -mno-relax only on lld < 15.0.0 (Fangrui Song) \n- riscv: Allow PROT_WRITE-only mmap() (Andrew Bresticker) \n- parisc: fbdev/stifb: Align graphics memory size to 4MB (Helge Deller) \n- RISC-V: Make port I/O string accessors actually work (Maciej W. Rozycki) \n- regulator: qcom_rpm: Fix circular deferral regression (Linus Walleij) \n- ASoC: wcd9335: fix order of Slimbus unprepare/disable (Krzysztof Kozlowski) \n- quota: Check next/prev free block number after reading from quota file (Zhihao Cheng) \n- HID: multitouch: Add memory barriers (Andri Yngvason) \n- fs: dlm: handle -EBUSY first in lock arg validation (Alexander Aring) \n- fs: dlm: fix race between test_bit() and queue_work() (Alexander Aring) \n- mmc: sdhci-sprd: Fix minimum clock limit (Wenchao Chen) \n- can: kvaser_usb_leaf: Fix CAN state after restart (Anssi Hannula) \n- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (Anssi Hannula) \n- can: kvaser_usb_leaf: Fix overread with an invalid command (Anssi Hannula) \n- can: kvaser_usb: Fix use of uninitialized completion (Anssi Hannula) \n- usb: add quirks for Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) \n- iio: pressure: dps310: Reset chip after timeout (Eddie James) \n- iio: pressure: dps310: Refactor startup procedure (Eddie James) \n- iio: dac: ad5593r: Fix i2c read protocol requirements (Michael Hennerich) \n- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (Zhang Xiaoxu) \n- cifs: destage dirty pages before re-reading them for cache=none (Ronnie Sahlberg) \n- mtd: rawnand: atmel: Unmap streaming DMA mappings (Tudor Ambarus) \n- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (Saranya Gopal) \n- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (Luke D. Jones) \n- ALSA: usb-audio: Fix NULL dererence at error path (Takashi Iwai) \n- ALSA: usb-audio: Fix potential memory leaks (Takashi Iwai) \n- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (Takashi Iwai) \n- ALSA: oss: Fix potential deadlock at unregistration (Takashi Iwai) \n- LTS tag: v5.4.219 (Sherry Yang) \n- wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg) {CVE-2022-42719}\n- wifi: mac80211: don't parse mbssid in assoc response (Johannes Berg) \n- mac80211: mlme: find auth challenge directly (Johannes Berg)\n[5.4.17-2136.315.1]\n- Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34716494]\n- nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34716494]\n- nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34716494]\n- nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34716494]\n- nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34716494]\n- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (James Smart) [Orabug: 34716494]\n- nvme-fc: avoid race between time out and tear down (James Smart) [Orabug: 34716494]\n- nvme-fc: update hardware queues before using them (Daniel Wagner) [Orabug: 34716494]\n- nvme-fabrics: reject I/O to offline device (Victor Gladkov) [Orabug: 34716494]\n- nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (James Smart) [Orabug: 34716494]\n- RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_uobj (Jason Gunthorpe) [Orabug: 34802357]\n- RDMA/uverbs: Do not discard the IB_EVENT_DEVICE_FATAL event (Jason Gunthorpe) [Orabug: 34802357]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42895", "CVE-2022-4378"], "modified": "2023-01-09T00:00:00", "id": "ELSA-2023-12009", "href": "http://linux.oracle.com/errata/ELSA-2023-12009.html", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:49", "description": "[5.4.17-2136.315.5]\n- Revert 'xfs: Lower CIL flush limit for large logs' (Sherry Yang) [Orabug: 34917369] \n- Revert 'xfs: Throttle commits on delayed background CIL push' (Sherry Yang) [Orabug: 34917369] \n- Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug: 34917369]\n[5.4.17-2136.315.4]\n- net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888473] \n- uek-rpm: Add ptp_kvm.ko to nano rpm (Somasundaram Krishnasamy) [Orabug: 33487655] \n- block: fix RO partition with RW disk (Junxiao Bi) [Orabug: 34807898] \n- rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34829924] \n- scsi: mpi3mr: Enable ' CONFIG_SCSI_SAS_ATTRS ' config option (Rhythm Mahajan) [Orabug: 34774474] \n- scsi: mpi3mr: Remove unnecessary cast (Jules Irenge) [Orabug: 34774474] \n- scsi: mpi3mr: Update driver version to 8.2.0.3.0 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix scheduling while atomic type bug (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Scan the devices during resume time (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Free enclosure objects during driver unload (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Handle 0xF003 Fault Code (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Graceful handling of surprise removal of PCIe HBA (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Support new power management framework (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Update mpi3 header files (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix error code in mpi3mr_transport_smp_handler() (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Fix error codes in mpi3mr_report_manufacture() (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Block I/Os while refreshing target dev objects (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Refresh SAS ports during soft reset (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Support SAS transport class callbacks (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add framework to issue MPT transport cmds (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add SAS SATA end devices to STL (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Get target object based on rphy (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Add expander devices to STL (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Enable STL on HBAs where multipath is disabled (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add helper functions to manage device's port (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add helper functions to retrieve device objects (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add framework to add phys to STL (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Enable Enclosure device add event (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add helper functions to retrieve config pages (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add framework to issue config requests (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add config and transport related debug flags (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Delete a stray tab (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Unlock on error path (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Reduce VD queue depth on detecting throttling (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Resource Based Metering (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix kernel-doc (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add target device related sysfs (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add shost related sysfs attributes (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Return error if dma_alloc_coherent() fails (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Fix a NULL vs IS_ERR() bug in mpi3mr_bsg_init() (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Return I/Os to an unrecoverable HBA with DID_ERROR (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Hidden drives not removed during soft reset (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Increase I/O timeout value to 60s (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Update driver version to 8.0.0.69.0 (Sumit Saxena) [Orabug: 34774474] \n- scsi: mpi3mr: Add support for NVMe passthrough (Sumit Saxena) [Orabug: 34774474] \n- scsi: mpi3mr: Expose adapter state to sysfs (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add support for PEL commands (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add support for MPT commands (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Move data structures/definitions from MPI headers to uapi header (Sumit Saxena) [Orabug: 34774474] \n- scsi: mpi3mr: Add support for driver commands (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Add bsg device support (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Bump driver version to 8.0.0.68.0 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Update the copyright year (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix cmnd getting marked as in use forever (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix hibernation issue (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Update MPI3 headers (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix printing of pending I/O count (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix deadlock while canceling the fw event (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix formatting problems in some kernel-doc comments (Yang Li) [Orabug: 34774474] \n- scsi: mpi3mr: Fix some spelling mistakes (Colin Ian King) [Orabug: 34774474] \n- scsi: mpi3mr: Bump driver version to 8.0.0.61.0 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Enhanced Task Management Support Reply handling (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Use TM response codes from MPI3 headers (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Print cable mngnt and temp threshold events (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Support Prepare for Reset event (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Add Event acknowledgment logic (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Gracefully handle online FW update operation (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Detect async reset that occurred in firmware (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Add IOC reinit function (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Handle offline FW activation in graceful manner (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Code refactor of IOC init - part2 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Code refactor of IOC init - part1 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fault IOC when internal command gets timeout (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Display IOC firmware package version (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Handle unaligned PLL in unmap cmnds (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Increase internal cmnds timeout to 60s (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Do access status validation before adding devices (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Add support for PCIe Managed Switch SES device (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Update MPI3 headers - part2 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Update MPI3 headers - part1 (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Don't reset IOC if cmnds flush with reset status (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Add debug APIs based on logging_level bits (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Use scnprintf() instead of snprintf() (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Clean up mpi3mr_print_ioc_info() (Dan Carpenter) [Orabug: 34774474] \n- scsi: mpi3mr: Fix memory leaks (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix reporting of actual data transfer size (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fixes around reply request queues (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (Sreekanth Reddy) [Orabug: 34774474] \n- scsi: mpi3mr: Set up IRQs in resume path (Kashyap Desai) [Orabug: 34774474] \n- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (Chandrakanth patil) [Orabug: 34774474] \n- scsi: mpi3mr: Fix W=1 compilation warnings (Sreekanth Reddy) [Orabug: 34774474] \n- net/mlx5e: Fix division by 0 in mlx5e_select_queue for representors (Maxim Mikityanskiy) [Orabug: 34898148] \n- net/mlx5e: Abstract MQPRIO params (Tariq Toukan) [Orabug: 34898148] \n- net/mlx5e: Fix division by 0 in mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34898148] \n- proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882779] {CVE-2022-4378}\n- proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882779] {CVE-2022-4378}\n[5.4.17-2136.315.3]\n- pensando: kpcimgr: extend API to allow sysfs commands (Rob Gardner) [Orabug: 34676926] \n- hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34772617] \n- mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34772617] \n- mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34772617] \n- rds: ib: Fix incorrect error handling during QP creation (Hakon Bugge) [Orabug: 34849243] \n- Arm64: Pensando: Add support for tps53659 voltage regulator (Austin Sehnert) [Orabug: 34868906] \n- hwmon: (pmbus/core) Add support for vid mode detection per page bases (Vadim Pasternak) [Orabug: 34868906] \n- Arm64: Pensando: Enable ltc2978 driver for Ortano ADI cards (Austin Sehnert) [Orabug: 34873762]\n[5.4.17-2136.315.2]\n- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) \n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) \n- x86/entry: Remove skip_r11rcx (Peter Zijlstra) \n- mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) \n- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (Zhang Qilong) \n- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (Zhang Qilong) \n- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (Zhang Qilong) \n- LTS tag: v5.4.224 (Sherry Yang) \n- ipc: remove memcg accounting for sops objects in do_semtimedop() (Vasily Averin) \n- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) \n- drm/i915/sdvo: Setup DDC fully before output init (Ville Syrjala) \n- drm/i915/sdvo: Filter out invalid outputs more sensibly (Ville Syrjala) \n- drm/rockchip: dsi: Force synchronous probe (Brian Norris) \n- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (Sascha Hauer) \n- KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) \n- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) \n- KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) \n- KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) \n- KVM: x86: Mask off reserved bits in CPUID.8000001AH (Jim Mattson) \n- ext4: fix BUG_ON() when directory entry has invalid rec_len (Luis Henriques) \n- ext4: fix warning in 'ext4_da_release_space' (Ye Bin) \n- parisc: Avoid printing the hardware path twice (Helge Deller) \n- parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) \n- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) \n- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) \n- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (Kan Liang) \n- perf/x86/intel: Fix pebs event constraints for ICL (Kan Liang) \n- efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) \n- fuse: add file_modified() to fallocate (Miklos Szeredi) \n- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) \n- tracing/histogram: Update document for KEYS_MAX size (Zheng Yejian) \n- tools/nolibc/string: Fix memcmp() implementation (Rasmus Villemoes) \n- kprobe: reverse kp->flags when arm_kprobe failed (Li Qiang) \n- tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) \n- btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) \n- binder: fix UAF of alloc->vma in race with munmap() (Carlos Llamas) \n- memcg: enable accounting of ipc resources (Vasily Averin) \n- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) \n- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) \n- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895}\n- xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster() (Chuhong Yuan) \n- xfs: group quota should return EDQUOT when prj quota enabled (Eric Sandeen) \n- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (Dave Chinner) \n- xfs: use ordered buffers to initialize dquot buffers during quotacheck (Darrick J. Wong) \n- xfs: don't fail verifier on empty attr3 leaf block (Brian Foster) \n- i2c: xiic: Add platform module alias (Martin Tuma) \n- HID: saitek: add madcatz variant of MMO7 mouse device ID (Samuel Bailey) \n- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) \n- media: meson: vdec: fix possible refcount leak in vdec_probe() (Hangyu Hua) \n- media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) \n- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) \n- ipv6: fix WARNING in ip6_route_net_exit_late() (Zhengchao Shao) \n- net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) \n- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) \n- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) \n- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) \n- btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at find_parent_nodes() (Filipe Manana) \n- btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) \n- isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) \n- mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) \n- rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) \n- ipvs: fix WARNING in ip_vs_app_net_cleanup() (Zhengchao Shao) \n- ipvs: fix WARNING in __ip_vs_cleanup_batch() (Zhengchao Shao) \n- ipvs: use explicitly signed chars (Jason A. Donenfeld) \n- netfilter: nf_tables: release flow rule object from commit path (Pablo Neira Ayuso) \n- net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) \n- net: sched: Fix use after free in red_enqueue() (Dan Carpenter) \n- ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) \n- net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) \n- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) \n- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) \n- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (Dan Carpenter) \n- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (Chen Zhongjin) \n- net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) \n- nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) \n- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) \n- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust) \n- IB/hfi1: Correctly move list in sc_disable() (Dean Luick) \n- LTS tag: v5.4.223 (Sherry Yang) \n- can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (Biju Das) \n- net: enetc: survive memory pressure without crashing (Vladimir Oltean) \n- net/mlx5: Fix possible use-after-free in async command interface (Tariq Toukan) \n- net/mlx5e: Do not increment ESN when updating IPsec ESN state (Hyong Youb Kim) \n- nh: fix scope used to find saddr when adding non gw nh (Nicolas Dichtel) \n- net: ehea: fix possible memory leak in ehea_register_port() (Yang Yingliang) \n- openvswitch: switch from WARN to pr_warn (Aaron Conole) \n- ALSA: aoa: Fix I2S device accounting (Takashi Iwai) \n- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (Yang Yingliang) \n- PM: domains: Fix handling of unavailable/disabled idle states (Sudeep Holla) \n- net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (Yang Yingliang) \n- i40e: Fix flow-type by setting GL_HASH_INSET registers (Slawomir Laba) \n- i40e: Fix VF hang when reset is triggered on another VF (Sylwester Dziedziuch) \n- i40e: Fix ethtool rx-flow-hash setting for X722 (Slawomir Laba) \n- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (Hans Verkuil) \n- media: v4l2-dv-timings: add sanity checks for blanking values (Hans Verkuil) \n- media: vivid: dev->bitmap_cap wasn't freed in all cases (Hans Verkuil) \n- media: vivid: s_fbuf: add more sanity checks (Hans Verkuil) \n- PM: hibernate: Allow hybrid sleep to work with s2idle (Mario Limonciello) \n- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (Dongliang Mu) \n- tcp: fix indefinite deferral of RTO with SACK reneging (Neal Cardwell) \n- net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (Zhang Changzhong) \n- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (Zhengchao Shao) \n- kcm: annotate data-races around kcm->rx_wait (Eric Dumazet) \n- kcm: annotate data-races around kcm->rx_psock (Eric Dumazet) \n- amd-xgbe: add the bit rate quirk for Molex cables (Raju Rangoju) \n- amd-xgbe: fix the SFP compliance codes check for DAC cables (Raju Rangoju) \n- x86/unwind/orc: Fix unreliable stack dump with gcov (Chen Zhongjin) \n- net: netsec: fix error handling in netsec_register_mdio() (Yang Yingliang) \n- tipc: fix a null-ptr-deref in tipc_topsrv_accept (Xin Long) \n- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (Yang Yingliang) \n- arc: iounmap() arg is volatile (Randy Dunlap) \n- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (Nathan Huckleberry) \n- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (Alexander Stein) \n- net: ieee802154: fix error return code in dgram_bind() (Wei Yongjun) \n- mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (Rik van Riel) \n- cgroup-v1: add disabled controller check in cgroup1_parse_param() (Chen Zhou) \n- xen/gntdev: Prevent leaking grants (M. Vefa Bicakci) \n- Xen/gntdev: don't ignore kernel unmapping error (Jan Beulich) \n- xfs: force the log after remapping a synchronous-writes file (Chandan Babu R) \n- xfs: clear XFS_DQ_FREEING if we can't lock the dquot buffer to flush (Chandan Babu R) \n- xfs: finish dfops on every insert range shift iteration (Chandan Babu R) \n- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (Heiko Carstens) \n- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (Heiko Carstens) \n- perf auxtrace: Fix address filter symbol name match for modules (Adrian Hunter) \n- kernfs: fix use-after-free in __kernfs_remove (Christian A. Ehrhardt) \n- mmc: core: Fix kernel panic when remove non-standard SDIO card (Matthew Ma) \n- drm/msm/hdmi: fix memory corruption with too many bridges (Johan Hovold) \n- drm/msm/dsi: fix memory corruption with too many bridges (Johan Hovold) \n- mac802154: Fix LQI recording (Miquel Raynal) \n- fbdev: smscufx: Fix several use-after-free bugs (Hyunwoo Kim) \n- iio: light: tsl2583: Fix module unloading (Shreeya Patel) \n- tools: iio: iio_utils: fix digit calculation (Matti Vaittinen) \n- xhci: Remove device endpoints from bandwidth list when freeing the device (Mathias Nyman) \n- mtd: rawnand: marvell: Use correct logic for nand-keep-config (Tony O'Brien) \n- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (Jens Glathe) \n- usb: bdc: change state when port disconnected (Justin Chen) \n- usb: dwc3: gadget: Don't set IMI for no_interrupt (Thinh Nguyen) \n- usb: dwc3: gadget: Stop processing more requests on IMI (Thinh Nguyen) \n- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (Hannu Hartikainen) \n- ALSA: au88x0: use explicitly signed char (Jason A. Donenfeld) \n- ALSA: Use del_timer_sync() before freeing timer (Steven Rostedt (Google)) \n- can: kvaser_usb: Fix possible completions during init_completion (Anssi Hannula) \n- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (Yang Yingliang) \n- LTS tag: v5.4.222 (Sherry Yang) \n- once: fix section mismatch on clang builds (Greg Kroah-Hartman) \n- LTS tag: v5.4.221 (Sherry Yang) \n- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (Seth Jenkins) \n- hv_netvsc: Fix race between VF offering and VF association message from host (Gaurav Kohli) \n- Makefile.debug: re-enable debug info for .S files (Nick Desaulniers) \n- ACPI: video: Force backlight native for more TongFang devices (Werner Sembach) \n- riscv: topology: fix default topology reporting (Conor Dooley) \n- arm64: topology: move store_cpu_topology() to shared code (Conor Dooley) \n- iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) \n- net: hns: fix possible memory leak in hnae_ae_register() (Yang Yingliang) \n- net: sched: cake: fix null pointer access issue when cake_init() fails (Zhengchao Shao) \n- net: phy: dp83867: Extend RX strap quirk for SGMII mode (Harini Katakam) \n- net/atm: fix proc_mpc_write incorrect return value (Xiaobo Liu) \n- HID: magicmouse: Do not set BTN_MOUSE on double report (Jose Exposito) \n- tipc: fix an information leak in tipc_topsrv_kern_subscr (Alexander Potapenko) \n- tipc: Fix recognition of trial period (Mark Tomlinson) \n- ACPI: extlog: Handle multiple records (Tony Luck) \n- btrfs: fix processing of delayed tree block refs during backref walking (Filipe Manana) \n- btrfs: fix processing of delayed data refs during backref walking (Filipe Manana) \n- r8152: add PID for the Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) \n- arm64: errata: Remove AES hwcap for COMPAT tasks (James Morse) \n- media: venus: dec: Handle the case where find_format fails (Bryan O'Donoghue) \n- KVM: arm64: vgic: Fix exit condition in scan_its_table() (Eric Ren) \n- ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (Kai-Heng Feng) \n- ata: ahci-imx: Fix MODULE_ALIAS (Alexander Stein) \n- hwmon/coretemp: Handle large core ID value (Zhang Rui) \n- ocfs2: fix BUG when iput after ocfs2_mknod fails (Joseph Qi) \n- ocfs2: clear dinode links count in case of error (Joseph Qi) \n- xfs: fix use-after-free on CIL context on shutdown (Dave Chinner) \n- xfs: reflink should force the log out if mounted with wsync (Christoph Hellwig) \n- xfs: factor out a new xfs_log_force_inode helper (Christoph Hellwig) \n- xfs: trylock underlying buffer on dquot flush (Brian Foster) \n- xfs: don't write a corrupt unmount record to force summary counter recalc (Darrick J. Wong) \n- xfs: tail updates only need to occur when LSN changes (Dave Chinner) \n- xfs: factor common AIL item deletion code (Dave Chinner) \n- xfs: Throttle commits on delayed background CIL push (Dave Chinner) \n- xfs: Lower CIL flush limit for large logs (Dave Chinner) \n- xfs: preserve default grace interval during quotacheck (Darrick J. Wong) \n- xfs: fix unmount hang and memory leak on shutdown during quotaoff (Brian Foster) \n- xfs: factor out quotaoff intent AIL removal and memory free (Brian Foster) \n- xfs: Replace function declaration by actual definition (Pavel Reichl) \n- xfs: remove the xfs_qoff_logitem_t typedef (Pavel Reichl) \n- xfs: remove the xfs_dq_logitem_t typedef (Pavel Reichl) \n- xfs: remove the xfs_disk_dquot_t and xfs_dquot_t (Pavel Reichl) \n- xfs: check owner of dir3 blocks (Darrick J. Wong) \n- xfs: check owner of dir3 data blocks (Darrick J. Wong) \n- xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails (Darrick J. Wong) \n- xfs: xfs_buf_corruption_error should take __this_address (Darrick J. Wong) \n- xfs: add a function to deal with corrupt buffers post-verifiers (Darrick J. Wong) \n- xfs: rework collapse range into an atomic operation (Brian Foster) \n- xfs: rework insert range into an atomic operation (Brian Foster) \n- xfs: open code insert range extent split helper (Brian Foster) \n- LTS tag: v5.4.220 (Sherry Yang) \n- thermal: intel_powerclamp: Use first online CPU as control_cpu (Rafael J. Wysocki) \n- inet: fully convert sk->sk_rx_dst to RCU rules (Eric Dumazet) \n- efi: libstub: drop pointless get_memory_map() call (Ard Biesheuvel) \n- md: Replace snprintf with scnprintf (Saurabh Sengar) \n- ext4: continue to expand file system when the target size doesn't reach (Jerry Lee ) \n- net/ieee802154: don't warn zero-sized raw_sendmsg() (Tetsuo Handa) \n- Revert 'net/ieee802154: reject zero-sized raw_sendmsg()' (Alexander Aring) \n- perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (Adrian Hunter) \n- clk: bcm2835: Make peripheral PLLC critical (Maxime Ripard) \n- usb: idmouse: fix an uninit-value in idmouse_open (Dongliang Mu) \n- nvmet-tcp: add bounds check on Transfer Tag (Varun Prakash) \n- nvme: copy firmware_rev on each init (Keith Busch) \n- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (Xiaoke Wang) \n- Revert 'usb: storage: Add quirk for Samsung Fit flash' (sunghwan jung) \n- usb: musb: Fix musb_gadget.c rxstate overflow bug (Robin Guo) \n- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (Jianglei Nie) \n- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (Logan Gunthorpe) \n- HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) \n- bcache: fix set_at_max_writeback_rate() for multiple attached devices (Coly Li) \n- ata: libahci_platform: Sanity check the DT child nodes number (Serge Semin) \n- staging: vt6655: fix potential memory leak (Nam Cao) \n- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (Wei Yongjun) \n- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (Shigeru Yoshida) \n- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (Letu Ren) \n- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (Quanyang Wang) \n- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (Zheyu Ma) \n- clk: zynqmp: Fix stack-out-of-bounds in strncpy (Ian Nam) \n- btrfs: scrub: try to fix super block errors (Qu Wenruo) \n- ARM: dts: imx6sx: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6sll: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6sl: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6qp: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6dl: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx6q: add missing properties for sram (Alexander Stein) \n- ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (Haibo Chen) \n- mmc: sdhci-msm: add compatible string check for sdm670 (Richard Acayan) \n- drm/amdgpu: fix initial connector audio value (hongao) \n- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (Hans de Goede) \n- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (Maya Matuszczyk) \n- drm/vc4: vec: Fix timings for VEC modes (Mateusz Kwiatkowski) \n- drm/amd/display: fix overflow on MIN_I64 definition (David Gow) \n- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (Javier Martinez Canillas) \n- drm: Use size_t type for len variable in drm_copy_field() (Javier Martinez Canillas) \n- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (Jianglei Nie) \n- r8152: Rate limit overflow messages (Andrew Gaul) \n- Bluetooth: L2CAP: Fix user-after-free (Luiz Augusto von Dentz) \n- net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (Liu Jian) \n- wifi: rt2x00: correctly set BBP register 86 for MT7620 (Daniel Golle) \n- wifi: rt2x00: set SoC wmac clock register (Daniel Golle) \n- wifi: rt2x00: set VGC gain for both chains of MT7620 (Daniel Golle) \n- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (Daniel Golle) \n- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (Daniel Golle) \n- can: bcm: check the result of can_send() in bcm_can_tx() (Ziyang Xuan) \n- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (Luiz Augusto von Dentz) \n- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (Tetsuo Handa) \n- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (Alexander Coffin) \n- xfrm: Update ipcomp_scratches with NULL when freed (Khalid Masum) \n- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (Tetsuo Handa) \n- tcp: annotate data-race around tcp_md5sig_pool_populated (Eric Dumazet) \n- openvswitch: Fix overreporting of drops in dropwatch (Mike Pattrick) \n- openvswitch: Fix double reporting of drops in dropwatch (Mike Pattrick) \n- bpftool: Clear errno after libcap's checks (Quentin Monnet) \n- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (Wright Feng) \n- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (Anna Schumaker) \n- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (Srinivas Pandruvada) \n- powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (Chao Qin) \n- MIPS: BCM47XX: Cast memcmp() of function to (void *) (Kees Cook) \n- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (Arvid Norlander) \n- f2fs: fix race condition on setting FI_NO_EXTENT flag (Zhang Qilong) \n- crypto: cavium - prevent integer overflow loading firmware (Dan Carpenter) \n- kbuild: remove the target in signal traps when interrupted (Masahiro Yamada) \n- iommu/iova: Fix module config properly (Robin Murphy) \n- crypto: ccp - Release dma channels before dmaengine unrgister (Koba Ko) \n- crypto: akcipher - default implementation for setting a private key (Ignat Korchagin) \n- iommu/omap: Fix buffer overflow in debugfs (Dan Carpenter) \n- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) \n- powerpc: Fix SPE Power ISA properties for e500v1 platforms (Pali Rohar) \n- powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (Nicholas Piggin) \n- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (Vitaly Kuznetsov) \n- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (Zheng Yongjun) \n- powerpc/pci_dn: Add missing of_node_put() (Liang He) \n- powerpc/sysdev/fsl_msi: Add missing of_node_put() (Liang He) \n- powerpc/math_emu/efp: Include module.h (Nathan Chancellor) \n- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (Jack Wang) \n- clk: ast2600: BCLK comes from EPLL (Joel Stanley) \n- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (Miaoqian Lin) \n- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (Stefan Wahren) \n- spmi: pmic-arb: correct duplicate APID to PPID mapping logic (David Collins) \n- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (Dave Jiang) \n- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (Chen-Yu Tsai) \n- mfd: sm501: Add check for platform_driver_register() (Jiasheng Jiang) \n- mfd: fsl-imx25: Fix check for platform_get_irq() errors (Dan Carpenter) \n- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (Christophe JAILLET) \n- mfd: lp8788: Fix an error handling path in lp8788_probe() (Christophe JAILLET) \n- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (Christophe JAILLET) \n- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (Christophe JAILLET) \n- fsi: core: Check error number after calling ida_simple_get (Jiasheng Jiang) \n- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (Duoming Zhou) \n- serial: 8250: Fix restoring termios speed after suspend (Pali Rohar) \n- firmware: google: Test spinlock on panic path to avoid lockups (Guilherme G. Piccoli) \n- staging: vt6655: fix some erroneous memory clean-up loops (Nam Cao) \n- phy: qualcomm: call clk_disable_unprepare in the error handling (Dongliang Mu) \n- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (Sherry Sun) \n- drivers: serial: jsm: fix some leaks in probe (Dan Carpenter) \n- usb: gadget: function: fix dangling pnp_string in f_printer.c (Albert Briscoe) \n- xhci: Don't show warning for reinit on known broken suspend (Mario Limonciello) \n- md/raid5: Ensure stripe_fill happens on non-read IO with journal (Logan Gunthorpe) \n- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (Dan Carpenter) \n- ata: fix ata_id_has_dipm() (Niklas Cassel) \n- ata: fix ata_id_has_ncq_autosense() (Niklas Cassel) \n- ata: fix ata_id_has_devslp() (Niklas Cassel) \n- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (Niklas Cassel) \n- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (Bernard Metzler) \n- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (William Dean) \n- dyndbg: let query-modname override actual module name (Jim Cromie) \n- dyndbg: fix module.dyndbg handling (Jim Cromie) \n- misc: ocxl: fix possible refcount leak in afu_ioctl() (Hangyu Hua) \n- RDMA/rxe: Fix the error caused by qp->sk (Zhu Yanjun) \n- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (Zhu Yanjun) \n- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (Miaoqian Lin) \n- tty: xilinx_uartps: Fix the ignore_status (Shubhrajyoti Datta) \n- media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (Liang He) \n- HSI: omap_ssi_port: Fix dma_map_sg error check (Jack Wang) \n- HSI: omap_ssi: Fix refcount leak in ssi_probe (Miaoqian Lin) \n- clk: tegra20: Fix refcount leak in tegra20_clock_init (Miaoqian Lin) \n- clk: tegra: Fix refcount leak in tegra114_clock_init (Miaoqian Lin) \n- clk: tegra: Fix refcount leak in tegra210_clock_init (Miaoqian Lin) \n- clk: berlin: Add of_node_put() for of_get_parent() (Liang He) \n- clk: oxnas: Hold reference returned by of_get_parent() (Liang He) \n- clk: meson: Hold reference returned by of_get_parent() (Liang He) \n- iio: ABI: Fix wrong format of differential capacitance channel ABI. (Jonathan Cameron) \n- iio: inkern: only release the device node when done with it (Nuno Sa) \n- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (Claudiu Beznea) \n- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (Claudiu Beznea) \n- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (Claudiu Beznea) \n- ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (Dmitry Torokhov) \n- ARM: Drop CMDLINE_* dependency on ATAGS (Geert Uytterhoeven) \n- ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (Dmitry Torokhov) \n- ARM: dts: kirkwood: lsxl: remove first ethernet port (Michael Walle) \n- ARM: dts: kirkwood: lsxl: fix serial line (Michael Walle) \n- ARM: dts: turris-omnia: Fix mpp26 pin name and comment (Marek Behun) \n- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (Liang He) \n- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (Liang He) \n- memory: of: Fix refcount leak bug in of_get_ddr_timings() (Liang He) \n- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (Liang He) \n- ALSA: hda/hdmi: Don't skip notification handling during PM operation (Takashi Iwai) \n- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (Zhang Qilong) \n- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (Zhang Qilong) \n- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (Zhang Qilong) \n- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (Christophe JAILLET) \n- ALSA: dmaengine: increment buffer pointer atomically (Andreas Pape) \n- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (Dmitry Baryshkov) \n- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (Liang He) \n- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (Christophe JAILLET) \n- drm/omap: dss: Fix refcount leak bugs (Liang He) \n- ASoC: rsnd: Add check for rsnd_mod_power_on (Jiasheng Jiang) \n- drm/bridge: megachips: Fix a null pointer dereference bug (Zheyu Ma) \n- drm: fix drm_mipi_dbi build errors (Randy Dunlap) \n- platform/x86: msi-laptop: Fix resource cleanup (Hans de Goede) \n- platform/x86: msi-laptop: Fix old-ec check for backlight registering (Hans de Goede) \n- platform/chrome: fix memory corruption in ioctl (Dan Carpenter) \n- platform/chrome: fix double-free in chromeos_laptop_prepare() (Rustam Subkhankulov) \n- drm/mipi-dsi: Detach devices when removing the host (Maxime Ripard) \n- drm: bridge: adv7511: fix CEC power down control register offset (Alvin Sipraga) \n- net: mvpp2: fix mvpp2 debugfs leak (Russell King (Oracle)) \n- once: add DO_ONCE_SLOW() for sleepable contexts (Eric Dumazet) \n- net/ieee802154: reject zero-sized raw_sendmsg() (Tetsuo Handa) \n- bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Jianglei Nie) \n- tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited (Neal Cardwell) \n- sctp: handle the error returned from sctp_auth_asoc_init_active_key (Xin Long) \n- vhost/vsock: Use kvmalloc/kvfree for larger packets. (Junichi Uekawa) \n- spi: s3c64xx: Fix large transfers with DMA (Vincent Whitchurch) \n- netfilter: nft_fib: Fix for rpath check with VRF devices (Phil Sutter) \n- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (Zhang Qilong) \n- x86/microcode/AMD: Track patch allocation size explicitly (Kees Cook) \n- bpf: Ensure correct locking around vulnerable function find_vpid() (Lee Jones) \n- net: fs_enet: Fix wrong check in do_pd_setup (Zheng Yongjun) \n- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (Bitterblue Smith) \n- bpf: btf: fix truncated last_member_type_id in btf_struct_resolve (Lorenz Bauer) \n- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (Bitterblue Smith) \n- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (Xu Qiang) \n- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (Xu Qiang) \n- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (Dan Carpenter) \n- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (Kohei Tarumizu) \n- bpftool: Fix a wrong type cast in btf_dumper_int (Lam Thai) \n- wifi: mac80211: allow bw change during channel switch in mesh (Hari Chandrakanthan) \n- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (Wen Gong) \n- nfsd: Fix a memory leak in an error handling path (Christophe JAILLET) \n- ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (Wang Kefeng) \n- sh: machvec: Use char[] for section boundaries (Kees Cook) \n- userfaultfd: open userfaultfds with O_RDONLY (Ondrej Mosnacek) \n- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (Waiman Long) \n- selinux: use 'grep -E' instead of 'egrep' (Greg Kroah-Hartman) \n- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (Jianglei Nie) \n- gcov: support GCC 12.1 and newer compilers (Martin Liska) \n- KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (Sean Christopherson) \n- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (Sean Christopherson) \n- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (Michal Luczaj) \n- media: cedrus: Set the platform driver data earlier (Dmitry Osipenko) \n- ring-buffer: Fix race between reset page and reading page (Steven Rostedt (Google)) \n- ring-buffer: Check pending waiters when doing wake ups as well (Steven Rostedt (Google)) \n- ring-buffer: Have the shortest_full queue be the shortest not longest (Steven Rostedt (Google)) \n- ring-buffer: Allow splice to read previous partially read pages (Steven Rostedt (Google)) \n- ftrace: Properly unset FTRACE_HASH_FL_MOD (Zheng Yejian) \n- livepatch: fix race between fork and KLP transition (Rik van Riel) \n- ext4: place buffer head allocation before handle start (Jinke Han) \n- ext4: make ext4_lazyinit_thread freezable (Lalith Rajendran) \n- ext4: fix null-ptr-deref in ext4_write_info (Baokun Li) \n- ext4: avoid crash when inline data creation follows DIO write (Jan Kara) \n- jbd2: wake up journal waiters in FIFO order, not LIFO (Andrew Perepechko) \n- nilfs2: fix use-after-free bug of struct nilfs_root (Ryusuke Konishi) \n- f2fs: fix to do sanity check on summary info (Chao Yu) \n- f2fs: fix to do sanity check on destination blkaddr during recovery (Chao Yu) \n- f2fs: increase the limit for reserve_root (Jaegeuk Kim) \n- btrfs: fix race between quota enable and quota rescan ioctl (Filipe Manana) \n- fbdev: smscufx: Fix use-after-free in ufx_ops_open() (Hyunwoo Kim) \n- powerpc/boot: Explicitly disable usage of SPE instructions (Pali Rohar) \n- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (Maciej W. Rozycki) \n- UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) \n- riscv: Pass -mno-relax only on lld < 15.0.0 (Fangrui Song) \n- riscv: Allow PROT_WRITE-only mmap() (Andrew Bresticker) \n- parisc: fbdev/stifb: Align graphics memory size to 4MB (Helge Deller) \n- RISC-V: Make port I/O string accessors actually work (Maciej W. Rozycki) \n- regulator: qcom_rpm: Fix circular deferral regression (Linus Walleij) \n- ASoC: wcd9335: fix order of Slimbus unprepare/disable (Krzysztof Kozlowski) \n- quota: Check next/prev free block number after reading from quota file (Zhihao Cheng) \n- HID: multitouch: Add memory barriers (Andri Yngvason) \n- fs: dlm: handle -EBUSY first in lock arg validation (Alexander Aring) \n- fs: dlm: fix race between test_bit() and queue_work() (Alexander Aring) \n- mmc: sdhci-sprd: Fix minimum clock limit (Wenchao Chen) \n- can: kvaser_usb_leaf: Fix CAN state after restart (Anssi Hannula) \n- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (Anssi Hannula) \n- can: kvaser_usb_leaf: Fix overread with an invalid command (Anssi Hannula) \n- can: kvaser_usb: Fix use of uninitialized completion (Anssi Hannula) \n- usb: add quirks for Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) \n- iio: pressure: dps310: Reset chip after timeout (Eddie James) \n- iio: pressure: dps310: Refactor startup procedure (Eddie James) \n- iio: dac: ad5593r: Fix i2c read protocol requirements (Michael Hennerich) \n- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (Zhang Xiaoxu) \n- cifs: destage dirty pages before re-reading them for cache=none (Ronnie Sahlberg) \n- mtd: rawnand: atmel: Unmap streaming DMA mappings (Tudor Ambarus) \n- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (Saranya Gopal) \n- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (Luke D. Jones) \n- ALSA: usb-audio: Fix NULL dererence at error path (Takashi Iwai) \n- ALSA: usb-audio: Fix potential memory leaks (Takashi Iwai) \n- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (Takashi Iwai) \n- ALSA: oss: Fix potential deadlock at unregistration (Takashi Iwai) \n- LTS tag: v5.4.219 (Sherry Yang) \n- wifi: mac80211: fix MBSSID parsing use-after-free (Johannes Berg) \n- wifi: mac80211: don't parse mbssid in assoc response (Johannes Berg) \n- mac80211: mlme: find auth challenge directly (Johannes Berg)\n[5.4.17-2136.315.1]\n- Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34716494] \n- nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34716494] \n- nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34716494] \n- nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34716494] \n- nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34716494] \n- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (James Smart) [Orabug: 34716494] \n- nvme-fc: avoid race between time out and tear down (James Smart) [Orabug: 34716494] \n- nvme-fc: update hardware queues before using them (Daniel Wagner) [Orabug: 34716494] \n- nvme-fabrics: reject I/O to offline device (Victor Gladkov) [Orabug: 34716494] \n- nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (James Smart) [Orabug: 34716494] \n- RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_uobj (Jason Gunthorpe) [Orabug: 34802357] \n- RDMA/uverbs: Do not discard the IB_EVENT_DEVICE_FATAL event (Jason Gunthorpe) [Orabug: 34802357]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42895", "CVE-2022-4378"], "modified": "2023-01-09T00:00:00", "id": "ELSA-2023-12008", "href": "http://linux.oracle.com/errata/ELSA-2023-12008.html", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:48", "description": "[5.4.17-2136.316.7]\n- runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045]\n[5.4.17-2136.316.6]\n- block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] \n- powercap: intel_rapl: support new layout of Psys PowerLimit Register on SPR (Zhang Rui) [Orabug: 34953089] \n- block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 34979810] \n- usb: dwc3: core: fix kernel panic when do reboot (Peter Chen) [Orabug: 34988646] \n- usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (Jack Pham) [Orabug: 34988646]\n[5.4.17-2136.316.5]\n- net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979171]\n[5.4.17-2136.316.4]\n- Revert 'RDS: TCP: Track peer's connection generation number' (Gerd Rausch) [Orabug: 34700110] \n- net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607845] \n- net/rds: Kick-start TCP receiver after accept (Gerd Rausch) [Orabug: 34600820] \n- net/rds: Use the first lane until RDS_EXTHDR_NPATHS arrives (Gerd Rausch) [Orabug: 34314503] \n- net/rds: Encode cp_index in TCP source port (Gerd Rausch) [Orabug: 34556038] \n- net/rds: rds_tcp_conn_path_shutdown must not discard messages (Gerd Rausch) [Orabug: 34560701] \n- IB/mlx5: Add a signature check to received EQEs and CQEs (Rohit Nair) [Orabug: 34821074] \n- vhost-scsi: Fix max number of virtqueues (Mike Christie) [Orabug: 34915128] \n- uek-rpm: Add nft_reject* modules to nano rpm. (Somasundaram Krishnasamy) [Orabug: 34966035] \n- rds: ib: Avoid tear-down of caches unless already initialized (Hakon Bugge) [Orabug: 34830755] \n- x86/kexec: Do not reserve EFI setup_data in the kexec e820 table (Dave Young) [Orabug: 34864098] \n- KVM: SVM: Fix AVIC GATag to support max number of vCPUs (Suravee Suthikulpanit) [Orabug: 34961704]\n[5.4.17-2136.316.3]\n- LTS tag: v5.4.228 (Sherry Yang) \n- ASoC: ops: Correct bounds check for second channel on SX controls (Charles Keepax) \n- can: mcba_usb: Fix termination command argument (Yasushi SHOJI) \n- can: sja1000: fix size of OCR_MODE_MASK define (Heiko Schocher) \n- pinctrl: meditatek: Startup with the IRQs disabled (Ricardo Ribalda) \n- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (Mark Brown) \n- nfp: fix use-after-free in area_cache_get() (Jialiang Wang) \n- block: unhash blkdev part inode when the part is deleted (Ming Lei) \n- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (Baolin Wang) \n- x86/smpboot: Move rcu_cpu_starting() earlier (Paul E. McKenney) \n- net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head (Lorenzo Colitti) \n- LTS tag: v5.4.227 (Sherry Yang) \n- can: esd_usb: Allow REC and TEC to return to zero (Frank Jungclaus) \n- net: mvneta: Fix an out of bounds check (Dan Carpenter) \n- ipv6: avoid use-after-free in ip6_fragment() (Eric Dumazet) \n- net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() (Yang Yingliang) \n- xen/netback: fix build warning (Juergen Gross) \n- ethernet: aeroflex: fix potential skb leak in greth_init_rings() (Zhang Changzhong) \n- ipv4: Fix incorrect route flushing when table ID 0 is used (Ido Schimmel) \n- ipv4: Fix incorrect route flushing when source address is deleted (Ido Schimmel) \n- tipc: Fix potential OOB in tipc_link_proto_rcv() (YueHaibing) \n- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (Liu Jian) \n- net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (Liu Jian) \n- net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq (Yongqiang Liu) \n- net: stmmac: fix 'snps,axi-config' node property parsing (Jisheng Zhang) \n- nvme initialize core quirks before calling nvme_init_subsystem (Pankaj Raghav) \n- NFC: nci: Bounds check struct nfc_target arrays (Kees Cook) \n- i40e: Disallow ip4 and ip6 l4_4_bytes (Przemyslaw Patynowski) \n- i40e: Fix for VF MAC address 0 (Sylwester Dziedziuch) \n- i40e: Fix not setting default xps_cpus after reset (Michal Jaron) \n- net: mvneta: Prevent out of bounds read in mvneta_config_rss() (Dan Carpenter) \n- xen-netfront: Fix NULL sring after live migration (Lin Liu) \n- net: encx24j600: Fix invalid logic in reading of MISTAT register (Valentina Goncharenko) \n- net: encx24j600: Add parentheses to fix precedence (Valentina Goncharenko) \n- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (Wei Yongjun) \n- selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (Zhengchao Shao) \n- net: dsa: ksz: Check return value (Artem Chernyshev) \n- Bluetooth: Fix not cleanup led when bt_init fails (Chen Zhongjin) \n- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (Wang ShaoBo) \n- af_unix: Get user_ns from in_skb in unix_diag_get_exact(). (Kuniyuki Iwashima) \n- igb: Allocate MSI-X vector when testing (Akihiko Odaki) \n- e1000e: Fix TX dispatch condition (Akihiko Odaki) \n- gpio: amd8111: Fix PCI device reference count leak (Xiongfeng Wang) \n- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (Qiqi Zhang) \n- ca8210: Fix crash by zero initializing data (Hauke Mehrtens) \n- ieee802154: cc2520: Fix error return code in cc2520_hw_init() (Ziyang Xuan) \n- can: af_can: fix NULL pointer dereference in can_rcv_filter (Oliver Hartkopp) \n- HID: core: fix shift-out-of-bounds in hid_report_raw_event (ZhangPeng) \n- HID: hid-lg4ff: Add check for empty lbuf (Anastasia Belova) \n- HID: usbhid: Add ALWAYS_POLL quirk for some mice (Ankit Patel) \n- drm/shmem-helper: Remove errant put in error path (Rob Clark) \n- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) \n- mm/gup: fix gup_pud_range() for dax (John Starks) \n- memcg: fix possible use-after-free in memcg_write_event_control() (Tejun Heo) \n- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (Hans Verkuil) \n- Revert 'net: dsa: b53: Fix valid setting for MDB entries' (Rafal Milecki) \n- xen/netback: don't call kfree_skb() with interrupts disabled (Juergen Gross) \n- xen/netback: do some code cleanup (Juergen Gross) \n- xen/netback: Ensure protocol headers don't fall in the non-linear area (Ross Lagerwall) \n- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths (Jann Horn) \n- mm/khugepaged: fix GUP-fast interaction by sending IPI (Jann Horn) \n- mm/khugepaged: take the right locks for page table retraction (Jann Horn) \n- net: usb: qmi_wwan: add u-blox 0x1342 composition (Davide Tronchin) \n- 9p/xen: check logical size for buffer size (Dominique Martinet) \n- fbcon: Use kzalloc() in fbcon_prepare_logo() (Tetsuo Handa) \n- regulator: twl6030: fix get status of twl6032 regulators (Andreas Kemnade) \n- ASoC: soc-pcm: Add NULL check in BE reparenting (Srinivasa Rao Mandadapu) \n- btrfs: send: avoid unaligned encoded writes when attempting to clone range (Filipe Manana) \n- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (Kees Cook) \n- regulator: slg51000: Wait after asserting CS pin (Konrad Dybcio) \n- 9p/fd: Use P9_HDRSZ for header size (GUO Zihua) \n- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (Johan Jonker) \n- ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation (Giulio Benetti) \n- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (Tomislav Novak) \n- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (Johan Jonker) \n- ARM: dts: rockchip: fix ir-receiver node names (Johan Jonker) \n- arm: dts: rockchip: fix node name for hym8563 rtc (Sebastian Reichel) \n- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (FUKAUMI Naoki) \n- LTS tag: v5.4.226 (Sherry Yang) \n- ipc/sem: Fix dangling sem_array access in semtimedop race (Jann Horn) \n- v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails (Linus Torvalds) \n- mmc: sdhci: Fix voltage switch delay (Adrian Hunter) \n- mmc: sdhci: use FIELD_GET for preset value bit masks (Masahiro Yamada) \n- char: tpm: Protect tpm_pm_suspend with locks (Jan Dabros) \n- Revert 'clocksource/drivers/riscv: Events are stopped during CPU suspend' (Conor Dooley) \n- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (Michael Kelley) \n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896}\n- x86/pm: Add enumeration check before spec MSRs save/restore setup (Pawan Gupta) \n- x86/tsx: Add a feature bit for TSX control MSR support (Pawan Gupta) \n- nvme: ensure subsystem reset is single threaded (Keith Busch) \n- nvme: restrict management ioctls to admin (Keith Busch) \n- epoll: check for events when removing a timed out thread from the wait queue (Soheil Hassas Yeganeh) \n- epoll: call final ep_events_available() check under the lock (Roman Penyaev) \n- ipv4: Fix route deletion when nexthop info is not specified (Ido Schimmel) \n- ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern) \n- selftests: net: fix nexthop warning cleanup double ip typo (Nikolay Aleksandrov) \n- selftests: net: add delete nexthop route warning test (Nikolay Aleksandrov) \n- Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled (Lee Jones) \n- parisc: Increase FRAME_WARN to 2048 bytes on parisc (Helge Deller) \n- xtensa: increase size of gcc stack frame check (Guenter Roeck) \n- parisc: Increase size of gcc stack frame check (Helge Deller) \n- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (Xiongfeng Wang) \n- pinctrl: single: Fix potential division by zero (Maxim Korotkov) \n- ASoC: ops: Fix bounds check for _sx controls (Mark Brown) \n- mm: Fix '.data.once' orphan section warning (Nathan Chancellor) \n- arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 (James Morse) \n- arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors (James Morse) \n- tracing: Free buffers when a used dynamic event is removed (Steven Rostedt (Google)) \n- mmc: sdhci-sprd: Fix no reset data and command after voltage switch (Wenchao Chen) \n- mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (Sebastian Falbesoner) \n- mmc: core: Fix ambiguous TRIM and DISCARD arg (Christian Lohle) \n- mmc: mmc_test: Fix removal of debugfs file (Ye Bin) \n- pinctrl: intel: Save and restore pins in 'direct IRQ' mode (Andy Shevchenko) \n- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (ZhangPeng) \n- tools/vm/slabinfo-gnuplot: use 'grep -E' instead of 'egrep' (Tiezhu Yang) \n- error-injection: Add prompt for function error injection (Steven Rostedt (Google)) \n- net/mlx5: DR, Fix uninitialized var warning (YueHaibing) \n- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (Yang Yingliang) \n- hwmon: (coretemp) Check for null before removing sysfs attrs (Phil Auld) \n- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (Yoshihiro Shimoda) \n- sctp: fix memory leak in sctp_stream_outq_migrate() (Zhengchao Shao) \n- packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE (Willem de Bruijn) \n- net: tun: Fix use-after-free in tun_detach() (Shigeru Yoshida) \n- afs: Fix fileserver probe RTT handling (David Howells) \n- net: hsr: Fix potential use-after-free (YueHaibing) \n- dsa: lan9303: Correct stat name (Jerry Ray) \n- net: ethernet: nixge: fix NULL dereference (Yuri Karpov) \n- net/9p: Fix a potential socket leak in p9_socket_open (Wang Hai) \n- net: net_netdev: Fix error handling in ntb_netdev_init_module() (Yuan Can) \n- net: phy: fix null-ptr-deref while probe() failed (Yang Yingliang) \n- wifi: cfg80211: fix buffer overflow in elem comparison (Johannes Berg) \n- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (Duoming Zhou) \n- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (Zhang Changzhong) \n- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (Zhang Changzhong) \n- net/mlx5e: Fix use-after-free when reverting termination table (Roi Dayan) \n- net/mlx5: Fix uninitialized variable bug in outlen_write() (YueHaibing) \n- of: property: decrement node refcount in of_fwnode_get_reference_args() (Yang Yingliang) \n- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (Gaosheng Cui) \n- hwmon: (i5500_temp) fix missing pci_disable_device() (Yang Yingliang) \n- scripts/faddr2line: Fix regression in name resolution on ppc64le (Srikar Dronamraju) \n- iio: light: rpr0521: add missing Kconfig dependencies (Paul Gazzillo) \n- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (Wei Yongjun) \n- iio: health: afe4403: Fix oob read in afe4403_read_raw (Wei Yongjun) \n- btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (ChenXiaoSong) \n- drm/amdgpu: Partially revert 'drm/amdgpu: update drm_display_info correctly when the edid is read' (Alex Deucher) \n- drm/amdgpu: update drm_display_info correctly when the edid is read (Claudio Suarez) \n- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (Nikolay Borisov) \n- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (Frieder Schrempf) \n- btrfs: free btrfs_path before copying inodes to userspace (Anand Jain) \n- fuse: lock inode unconditionally in fuse_fallocate() (Miklos Szeredi) \n- drm/i915: fix TLB invalidation for Gen12 video and compute engines (Andrzej Hajda) {CVE-2022-4139}\n- drm/amdgpu: always register an MMU notifier for userptr (Christian Konig) \n- drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN (Lyude Paul) \n- btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() (Zhen Lei) \n- btrfs: free btrfs_path before copying subvol info to userspace (Anand Jain) \n- btrfs: free btrfs_path before copying fspath to userspace (Anand Jain) \n- btrfs: free btrfs_path before copying root refs to userspace (Josef Bacik) \n- binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 (Alessandro Astone) \n- binder: Address corner cases in deferred copy and fixup (Alessandro Astone) \n- binder: fix pointer cast warning (Arnd Bergmann) \n- binder: defer copies of pre-patched txn data (Todd Kjos) \n- binder: read pre-translated fds from sender buffer (Todd Kjos) \n- binder: avoid potential data leakage when copying txn (Todd Kjos) \n- dm integrity: flush the journal on suspend (Mikulas Patocka) \n- net: usb: qmi_wwan: add Telit 0x103a composition (Enrico Sau) \n- tcp: configurable source port perturb table size (Gleb Mazovetskiy) \n- platform/x86: hp-wmi: Ignore Smart Experience App event (Kai-Heng Feng) \n- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (Hans de Goede) \n- platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (Xiongfeng Wang) \n- xen/platform-pci: add missing free_irq() in error path (ruanjinjie) \n- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (Lukas Wunner) \n- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (Hans de Goede) \n- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (Aman Dhoot) \n- gcov: clang: fix the buffer overflow issue (Mukesh Ojha) \n- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (Chen Zhongjin) \n- firmware: coreboot: Register bus in module init (Brian Norris) \n- firmware: google: Release devices before unregistering the bus (Patrick Rudolph) \n- ceph: avoid putting the realm twice when decoding snaps fails (Xiubo Li) \n- ceph: do not update snapshot context when there is no new snapshot (Xiubo Li) \n- iio: pressure: ms5611: fixed value compensation bug (Mitja Spes) \n- iio: ms5611: Simplify IO callback parameters (Lars-Peter Clausen) \n- nios2: add FORCE for vmlinuz.gz (Randy Dunlap) \n- init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (Alexandre Belloni) \n- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (Chen Zhongjin) \n- iio: light: apds9960: fix wrong register for gesture gain (Alejandro Concepcion Rodriguez) \n- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (Jakob Unterwurzacher) \n- usb: dwc3: exynos: Fix remove() function (Marek Szyprowski) \n- lib/vdso: use 'grep -E' instead of 'egrep' (Greg Kroah-Hartman) \n- s390/crashdump: fix TOD programmable field size (Heiko Carstens) \n- net: thunderx: Fix the ACPI memory leak (Yu Liao) \n- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (Martin Faltesek) \n- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- s390/dasd: fix no record found for raw_track_access (Stefan Haberland) \n- dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). (Kuniyuki Iwashima) \n- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Yang Yingliang) \n- regulator: twl6030: re-add TWL6032_SUBCLASS (Andreas Kemnade) \n- NFC: nci: fix memory leak in nci_rx_data_packet() (Liu Shixin) \n- xfrm: Fix ignored return value in xfrm6_init() (Chen Zhongjin) \n- tipc: check skb_linearize() return value in tipc_disc_rcv() (YueHaibing) \n- tipc: add an extra conn_get in tipc_conn_alloc (Xin Long) \n- tipc: set con sock in tipc_conn_alloc (Xin Long) \n- net/mlx5: Fix FW tracer timestamp calculation (Moshe Shemesh) \n- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (Yang Yingliang) \n- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (Yang Yingliang) \n- nfp: add port from netdev validation for EEPROM access (Jaco Coetzee) \n- net: pch_gbe: fix pci device refcount leak while module exiting (Yang Yingliang) \n- net/qla3xxx: fix potential memleak in ql3xxx_send() (Zhang Changzhong) \n- net/mlx4: Check retval of mlx4_bitmap_init (Peter Kosyh) \n- ARM: mxs: fix memory leak in mxs_machine_init() (Zheng Yongjun) \n- 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (Zhengchao Shao) \n- net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() (Wang Hai) \n- nfc/nci: fix race with opening and closing (Lin Ma) \n- net: liquidio: simplify if expression (Leon Romanovsky) \n- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (Michael Grzeschik) \n- tee: optee: fix possible memory leak in optee_register_device() (Yang Yingliang) \n- bus: sunxi-rsb: Support atomic transfers (Samuel Holland) \n- regulator: core: fix UAF in destroy_regulator() (Yang Yingliang) \n- regulator: core: fix kobject release warning and memory leak in regulator_register() (Zeng Heng) \n- ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (Detlev Casanova) \n- ARM: dts: am335x-pcm-953: Define fixed regulators in root node (Dominik Haller) \n- af_key: Fix send_acquire race with pfkey_register (Herbert Xu) \n- MIPS: pic32: treat port as signed integer (Jason A. Donenfeld) \n- RISC-V: vdso: Do not add missing symbols to version section in linker script (Nathan Chancellor) \n- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header. (Kuniyuki Iwashima) \n- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (Yu Kuai) \n- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (Hans de Goede) \n- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (Sean Nyekjaer) \n- wifi: mac80211: Fix ack frame idr leak when mesh has no route (Nicolas Cavallari) \n- audit: fix undefined behavior in bit shift for AUDIT_BIT (Gaosheng Cui) \n- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (Jonas Jelonek) \n- wifi: mac80211: fix memory free error when registering wiphy fail (taozhang) \n- LTS tag: v5.4.225 (Sherry Yang) \n- ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) \n- ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) \n- ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) \n- mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) \n- 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) \n- gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) \n- gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) \n- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) \n- kcm: close race conditions on sk_receive_queue (Cong Wang) \n- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) \n- kcm: avoid potential race in kcm_tx_work (Eric Dumazet) \n- tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) \n- macvlan: enforce a consistent minimal mtu (Eric Dumazet) \n- Input: i8042 - fix leaking of platform device on module removal (Chen Jun) \n- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Li Huafei) \n- scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (Yang Yingliang) \n- ring-buffer: Include dropped pages in counting dirty patches (Steven Rostedt (Google)) \n- serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) \n- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) \n- docs: update mediator contact information in CoC doc (Shuah Khan) \n- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) \n- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (Chevron Li) \n- mmc: core: properly select voltage range without power cycle (Yann Gautier) \n- scsi: zfcp: Fix double free of FSF request when qdio send fails (Benjamin Block) \n- Input: iforce - invert valid length check when fetching device IDs (Tetsuo Handa) \n- serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) \n- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) \n- dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) \n- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) \n- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) \n- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) \n- usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) \n- usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) \n- USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) \n- USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) \n- USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) \n- USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) \n- USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) \n- speakup: fix a segfault caused by switching consoles (Mushahid Hussain) \n- slimbus: stream: correct presence rate frequencies (Krzysztof Kozlowski) \n- Revert 'usb: dwc3: disable USB core PHY management' (Johan Hovold) \n- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) \n- ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) \n- ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) \n- ftrace: Optimize the allocation for mcount entries (Wang Wensheng) \n- ftrace: Fix the possible incorrect kernel message (Wang Wensheng) \n- cifs: add check for returning value of SMB2_set_info_init (Anastasia Belova) \n- net: thunderbolt: Fix error handling in tbnet_init() (Yuan Can) \n- cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) \n- net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) \n- platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (Roger Pau Monne) \n- drbd: use after free in drbd_create_device() (Dan Carpenter) \n- xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) \n- bnxt_en: Remove debugfs when pci_register_driver failed (Gaosheng Cui) \n- net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) \n- net: macvlan: Use built-in RCU list checking (Chuang Wang) \n- net: liquidio: release resources when liquidio driver open failed (Zhengchao Shao) \n- mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) \n- net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) \n- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (Yang Yingliang) \n- arm64: dts: imx8mn: Fix NAND controller size-cells (Marek Vasut) \n- arm64: dts: imx8mm: Fix NAND controller size-cells (Marek Vasut) \n- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) \n- parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) \n- siox: fix possible memory leak in siox_device_add() (Yang Yingliang) \n- block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) \n- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) \n- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) \n- serial: imx: Add missing .thaw_noirq hook (Shawn Guo) \n- serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) \n- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (Tony Lindgren) \n- serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) \n- ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) \n- spi: stm32: Print summary 'callbacks suppressed' message (Marek Vasut) \n- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (Colin Ian King) \n- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) \n- btrfs: remove pointless and double ulist frees in error paths of qgroup tests (Filipe Manana) \n- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) \n- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (Nam Cao) \n- NFSv4: Retry LOCK on OLD_STATEID during delegation return (Benjamin Coddington) \n- selftests/intel_pstate: fix build for ARCH=x86_64 (Ricardo Canuelo) \n- selftests/futex: fix build for clang (Ricardo Canuelo) \n- ASoC: codecs: jz4725b: fix capture selector naming (Siarhei Volkau) \n- ASoC: codecs: jz4725b: use right control for Capture Volume (Siarhei Volkau) \n- ASoC: codecs: jz4725b: fix reported volume for Master ctl (Siarhei Volkau) \n- ASoC: codecs: jz4725b: add missed Line In power control bit (Siarhei Volkau) \n- spi: intel: Fix the offset to get the 64K erase opcode (Mauro Lima) \n- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (Xiaolei Wang) \n- x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) \n- net: tun: call napi_schedule_prep() to ensure we own a napi (Eric Dumazet) \n- dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) \n- cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) \n- can: j1939: j1939_send_one(): fix missing CAN header initialization (Oliver Hartkopp) \n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) \n- btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) \n- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) \n- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) \n- nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) \n- nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) \n- vmlinux.lds.h: Fix placement of '.data..decrypted' section (Nathan Chancellor) \n- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (Jussi Laako) \n- ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) \n- ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) \n- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (Xian Wang) \n- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (Brian Norris) \n- MIPS: jump_label: Fix compat branch range check (Jiaxun Yang) \n- arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) \n- riscv: process: fix kernel info leakage (Jisheng Zhang) \n- net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) \n- ethernet: tundra: free irq when alloc ring failed in tsi108_open() (Zhengchao Shao) \n- net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) \n- ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) \n- cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (Zhengchao Shao) \n- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) \n- net: cpsw: disable napi in cpsw_ndo_open() (Zhengchao Shao) \n- net/mlx5: Allow async trigger completion execution on single CPU systems (Roy Novich) \n- net: nixge: disable napi when enable interrupts failed in nixge_open() (Zhengchao Shao) \n- perf stat: Fix printing os->prefix in CSV metrics output (Athira Rajeev) \n- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) \n- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) \n- dmaengine: pxa_dma: use platform_get_irq_optional (Doug Brown) \n- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) \n- can: af_can: fix NULL pointer dereference in can_rx_register() (Zhengchao Shao) \n- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) \n- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) \n- hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) \n- net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) \n- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) \n- net: fman: Unregister ethernet device on removal (Sean Anderson) \n- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) \n- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (Michael Chan) \n- net: tun: Fix memory leaks of napi_get_frags (Wang Yufen) \n- net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) \n- HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) \n- bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues (Wang Yufen) \n- wifi: cfg80211: fix memory leak in query_regdb_file() (Arend van Spriel) \n- wifi: cfg80211: silence a sparse RCU warning (Johannes Berg) \n- phy: stm32: fix an error code in probe (Dan Carpenter) \n- xfs: drain the buf delwri queue before xfsaild idles (Brian Foster) \n- xfs: preserve inode versioning across remounts (Eric Sandeen) \n- xfs: use MMAPLOCK around filemap_map_pages() (Dave Chinner) \n- xfs: redesign the reflink remap loop to fix blkres depletion crash (Darrick J. Wong) \n- xfs: rename xfs_bmap_is_real_extent to is_written_extent (Darrick J. Wong) \n- xfs: preserve rmapbt swapext block reservation from freed blocks (Brian Foster)\n[5.4.17-2136.316.2]\n- netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 31351486] \n- uek-rpm: ol7: Add enhanced kABI diagnostics (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol8: Add enhanced kABI diagnostics (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol7: Add Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol8: Add Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol7: Enable creation of Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol8: Enable creation of Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: Add kabi tool and documentation (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: update config files for SDK-11.22.10 (Dave Kleikamp) [Orabug: 34671021] \n- drivers: soc: fwlog: Fix compiler warnings (Dave Kleikamp) [Orabug: 34671021] \n- firmware: octeontx2: sfp-info: Update sfp_info_data (Piyush Malgujar) [Orabug: 34671021] \n- octeontx2-pcicons: provide toggle for trace_printk (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-af: fix TIM disable lf sequence (Pavan Nikhilesh) [Orabug: 34671021] \n- driver core: Use unbound workqueue for deferred probes (Yogesh Lal) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: fix for PTP BCN delta (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: soc: sw_up: Fix compatibility (Witold Sadowski) [Orabug: 34671021] \n- octeontx2-af: rvu: enable mcs fips mailboxes (Ankur Dwivedi) [Orabug: 34671021] \n- octeontx2-af: mcs: add mailboxes for fips (Ankur Dwivedi) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P added tc enablement command (Yi Guo) [Orabug: 34671021] \n- octeontx2-af: Don't return error when SMQ flush fails (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Use PTP ring tail index to read timestamp (Baha Mesleh) [Orabug: 34671021] \n- PCI: octeontx2-pem-ep: Setup BAR4 region for PTP block access (Roy Franz) [Orabug: 34671021] \n- octeontx2-af: mcs: set force clock enable (Ankur Dwivedi) [Orabug: 34671021] \n- drivers: pci-octeon-pem: Rectify RC link recover work (Suneel Garapati) [Orabug: 34671021] \n- octeontx2-af: Add support for RPM FEC stats (Hariprasad Kelam) [Orabug: 34671021] \n- firmware: octeontx2: sfp-info: check supported platforms first (Damian Eppel) [Orabug: 34671021] \n- drivers: pci: octeon-pem: Fix hardware issue (Suneel Garapati) [Orabug: 34671021] \n- octeontx-af: mcs: Fix mcs interrupt irq name (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-bphy-netdev: PTP 1-step improvements (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pf: Add devlink support to configure TL1 RR_PRIO (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: mcs: add port config mbox (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: mcs: add port reset mbox (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: mcs: add packet steering rules support (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: set CPT CTX ILEN to 1 (Tejasree Kondoj) [Orabug: 34671021] \n- octeontx2-af: mcs: add pn threshold mbox (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: mcs: extend mcs interrupt handling (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-bphy-netdev:: Share RFOE PTP offset with host (Roy Franz) [Orabug: 34671021] \n- octeontx2-bphy-netdev: PTP BCN synchronization support for CNF10k platforms. (Rakesh Babu Saladi) [Orabug: 34671021] \n- hwrng: cn10k - Make check_rng_health() return an error code (Vladis Dronov) [Orabug: 34671021] \n- hwrng: cn10k - Optimize cn10k_rng_read() (Vladis Dronov) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Add cnf10k rfoe debugfs (Baha Mesleh) [Orabug: 34671021] \n- octeontx2-af: serialize bar2 alias access (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: add mbox to return CPT_AF_FLT_INT info (Srujana Challa) [Orabug: 34671021] \n- Revert 'octeontx2-af: set pkind for LBK interfaces' (Sunil Kovvuri Goutham) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf105xxn: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Modify PTP timestamp format. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-bphy-netdev: convert MIO_PTP_TIMESTAMP value to nsecs (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pcicons: adjust padding size for RT (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-pcicons: remove dev_err() from TTY write (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-pcicons: wait longer for the buffer (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-af: Fix return value in rvu_mbox_handler_nix_lf_stop_rx (Naveen Mamindlapalli) [Orabug: 34671021] \n- soc: octeontx2-sdp: add multi-PF support in SDP (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- firmware: smccc: Fix check for ARCH_SOC_ID not implemented (Michael Kelley) [Orabug: 34671021] \n- firmware: smccc: Export both smccc functions (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Add ARCH_SOC_ID support (Gowthami Thiagarajan) [Orabug: 34671021] \n- firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Update link to latest SMCCC specification (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Fix missing prototype warning for arm_smccc_version_init (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Refactor SMCCC specific bits into separate file (Gowthami Thiagarajan) [Orabug: 34671021] \n- firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (Gowthami Thiagarajan) [Orabug: 34671021] \n- firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (Sudeep Holla) [Orabug: 34671021] \n- firmware/psci: use common SMCCC_CONDUIT_* (Gowthami Thiagarajan) [Orabug: 34671021] \n- octeontx2-pf: fix hardware timestamp issue for ptp slave (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: add read back of AF_BAR2_SEL register (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: fix CPT FLT handler (Srujana Challa) [Orabug: 34671021] \n- drivers: soc: fwlog: Extend firmware bootlog support for cn10k and cn9x (Pragnesh Patel) [Orabug: 34671021] \n- octeontx2-af: remove support to limit xaq depth (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-pcicons: disable IRQ when taking a lock (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-af: set pkind for LBK interfaces (Liron Himi) [Orabug: 34671021] \n- octeontx2-af: Generate masks for packet header fields correctly (Subbaraya Sundeep) [Orabug: 34671021] \n- misc: bphy: disable ctr module on non-BPHY boards (Jakub Palider) [Orabug: 34671021] \n- driver: mmc: sdhci-cadence: Dump more PHY registers (Chandrakala Chavva) [Orabug: 34671021] \n- uek-rpm: aarch64 embedded: disable CONFIG_EFI_BOOTEFI_BUG (Dave Kleikamp) [Orabug: 34671021] \n- octeontx2-af: fix rvu_cgx_tx_enable to return success for vfs (Naveen Mamindlapalli) [Orabug: 34671021] \n- drivers: firmware: octeontx2: Adding mub_gen dependency (Piyush Malgujar) [Orabug: 34671021] \n- drivers: sdhci-cadence: Update HS200 tuning values (Jayanthi Annadurai) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix updating JD pkt length and blocksize (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: Re-enable mac tx in otx2_stop routine (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pf: consider both Rx and Tx packet stats for adaptive interrupt coalescing (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix improper names used for IRQs. (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: sdhci-cadence: Increase hold time for HS52 and DDR52 modes (Jayanthi Annadurai) [Orabug: 34671021] \n- drivers: firmware: octeontx2: Config memtest module as trisate (Piyush Malgujar) [Orabug: 34671021] \n- driver: edac: octeontx: Add CPU RAS error report (Vasyl Gomonovych) [Orabug: 34671021] \n- perf cs-etm: Use existing decoder instead of resetting it (James Clark) [Orabug: 34671021] \n- perf cs-etm: Suppress printing when resetting decoder (James Clark) [Orabug: 34671021] \n- perf cs-etm: Only setup queues when they are modified (James Clark) [Orabug: 34671021] \n- perf cs-etm: Split setup and timestamp search functions (James Clark) [Orabug: 34671021] \n- perf cs-etm: Refactor initialisation of kernel start address (James Clark) [Orabug: 34671021] \n- perf cs-etm: Split --dump-raw-trace by AUX records (James Clark) [Orabug: 34671021] \n- perf cs-etm: Split Coresight decode by aux records (James Clark) [Orabug: 34671021] \n- perf cs-etm: Delay decode of non-timeless data until cs_etm__flush_events() (James Clark) [Orabug: 34671021] \n- perf cs-etm: Remove callback cs_etm_find_snapshot() (Leo Yan) [Orabug: 34671021] \n- perf cs-etm: Move synth_opts initialisation (James Clark) [Orabug: 34671021] \n- perf cs-etm: Set time on synthesised samples to preserve ordering (James Clark) [Orabug: 34671021] \n- perf cs-etm: Refactor timestamp variable names (James Clark) [Orabug: 34671021] \n- perf session: Add facility to peek at all events (Adrian Hunter) [Orabug: 34671021] \n- octeontx2-af: Do not use default unicast entry action always (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-af: modify FLR sequence for CPT (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: Do not read CGX FEC CSRs on CN10K (Sunil Goutham) [Orabug: 34671021] \n- drivers: firmware: octeontx2: Fix Kconfig dependency (Piyush Malgujar) [Orabug: 34671021] \n- driver :soc :phy7121:MACsec: Params support for SA (Narendra Hadke) [Orabug: 34671021] \n- octeontx2-af: Derive fifo size assigned to given LMAC (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: CN10KB MAC RPM_100/USX support (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: Support variable number of LMACS per MAC (Hariprasad Kelam) [Orabug: 34671021] \n- i2c: mv64xxx: Fix random system lock caused by runtime PM (Marek Behun) [Orabug: 34671021] \n- octeontx2-af: add support for SSO WQE stashing (Pavan Nikhilesh) [Orabug: 34671021] \n- octeontx2-af: add additional description to irqs (Pavan Nikhilesh) [Orabug: 34671021] \n- uek-rpm: update config files for SDK-11.22.08 (Dave Kleikamp) [Orabug: 34671021] \n- drivers: marvell: otx2-sdei-ghes: Fix error records overflow (Vasyl Gomonovych) [Orabug: 34671021] \n- octeontx2-af: mcs: Fix rvu mcs initialization (Geetha sowjanya) [Orabug: 34671021] \n- irqchip/gicv3-its: Workaround for Marvell errata 35443 for 9xx (Geetha sowjanya) [Orabug: 34671021] \n- driver: edac: octeontx: Refactor EDAC driver (Vasyl Gomonovych) [Orabug: 34671021] \n- drivers: soc: sw_up: Update return code handling (Witold Sadowski) [Orabug: 34671021] \n- drivers: firmware: octeontx2: fixing the return values (Piyush Malgujar) [Orabug: 34671021] \n- drivers: i2c: octeon: Skip M divider limit for OcteonTX2 (Suneel Garapati) [Orabug: 34671021] \n- driver: firmware: Fix kconfig dependencies on mhu driver (Chandrakala Chavva) [Orabug: 34671021] \n- octeontx2-af: mcs: Add SA interrupt handling support (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: add TIM adjust GTI errata workaround (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-af: add SSO XAQ AURA access errata workaround (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-af: add programming SDP BPID in cn10k (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- octeontx2-af: Enable LBK links only when switch mode is on. (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-pf: Forward VF UP messages iff VFs are present (Subbaraya Sundeep) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P added rclk command to adv feature (Yi Guo) [Orabug: 34671021] \n- octeontx2-af: mcs: Set mcs to bypass on error (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: HW workaround for NPA buffer free (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-pf: Fix SQE threshold checking (Ratheesh Kannoth) [Orabug: 34671021] \n- octeontx2-af: ptp: Fix the sequence of register configuration (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: Fixes compilation warning for KASAN build (Suman Ghosh) [Orabug: 34671021] \n- coresight: Add Coresight kdump support (Linu Cherian) [Orabug: 34671021] \n- coresight: Add provision for kdump sync callbacks (Linu Cherian) [Orabug: 34671021] \n- driver: mmc: ACPI support added for eMMC driver for T9x. (Piyush Malgujar) [Orabug: 34671021] \n- octeontx2-pf: Fix TSOv6 offload (Sunil Goutham) [Orabug: 34671021] \n- irqchip/gic-v3: Detect LPI invalidation MMIO registers (Linu Cherian) [Orabug: 34671021] \n- irqchip/gic-v3: Exposes bit values for GICR_CTLR.{IR, CES} (Marc Zyngier) [Orabug: 34671021] \n- irqchip/gic-v3-its: Allow LPI invalidation via the DirectLPI interface (Marc Zyngier) [Orabug: 34671021] \n- irqchip/gic-v3-its: Factor out wait_for_syncr primitive (Marc Zyngier) [Orabug: 34671021] \n- octeontx2-pf: Fix VF mbox forwarding handling (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-af: Fix BPID calculation for SDP (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- octeontx2-af: add support for CPT second pass (Rakesh Kudurumalla) [Orabug: 34671021] \n- octeontx2-bphy-netdev: IOCTL to read input clock parameters. (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: soc: sw_up: Add async clone support (Witold Sadowski) [Orabug: 34671021] \n- crypto: octeontx2: add CN10KB SG support (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: cnf10k-b: mcs: Add mbox to set port mode (Geetha sowjanya) [Orabug: 34671021] \n- driver: edac: octeontx: Rename some macros and variables (Chandrakala Chavva) [Orabug: 34671021] \n- crypto: octeontx2: decrease CPT_AF_CTX_FLUSH_TIMER count (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: update cpt engines status debugfs entry (Srujana Challa) [Orabug: 34671021] \n- driver: mailbox: Cleanup dead code (Wojciech Bartczak) [Orabug: 34671021] \n- drivers: marvell: otx2-sdei-ghes: Fix BERT report driver (Vasyl Gomonovych) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix cnf10k link state set (Baha Mesleh) [Orabug: 34671021] \n- otx2-bphy-netdev: synchronize BCN to PTP slave clock. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-bphy-netdev: stop pkt transmission when psm queue is disabled (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 34671021] \n- edac: Add spinlock to protect ring buffer read/write (Vasyl Gomonovych) [Orabug: 34671021] \n- EDAC: OcteonTX: Fix build issues when ACPI is disabled (Piyush Malgujar) [Orabug: 34671021] \n- drivers: soc: sw_up: Add async hash verification option (Witold Sadowski) [Orabug: 34671021] \n- octeontx2-af: Fix pf bitmap for RVU VFs (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Add debugfs support (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Support to reset MCS stats (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Support to retrieve MCS stats (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cnf10k-b: mcs: Add support for CNF10K MCS (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Install TCAM bypass entry (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Mbox handlers to establish CA (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Mbox to allocate/free MCS resources (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Allocate structs for MCS resources (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k: mcs: Add MCS basic driver support (Geetha sowjanya) [Orabug: 34671021] \n- mailbox: marvell: Initialize interrupts only if there's client for data (Wojciech Bartczak) [Orabug: 34671021] \n- mailbox: marvell: Fix driver dependencies list (Wojciech Bartczak) [Orabug: 34671021] \nheader file (Piyush Malgujar) [Orabug: 34671021] \n- EDAC: OcteonTX: Remove redundant ACPI_APEI_GHES (Vasyl Gomonovych) [Orabug: 34671021] \n- drivers: sdhci-cadence: Initialize slew and drive values (Jayanthi Annadurai) [Orabug: 34671021] \n- octeontx2-af: support overriding aura to zero for second pass (Nithin Dabilpuram) [Orabug: 34671021] \n- drivers: soc: sw_up: Use new and previous smc_update_descriptor (Witold Sadowski) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P Fixed Warnings. (Narendra Hadke) [Orabug: 34671021] \n- octeontx2-pcicons: Adjust padding size for RT (Ratheesh Kannoth) [Orabug: 34671021] \n- genirq: Increase the number of interrupters (George Cherian) [Orabug: 34671021] \n- octeontx2-af: Skip PFs if not enabled (Ratheesh Kannoth) [Orabug: 34671021] \n- crypto: octeontx2: add pdcp chain to capabilities (Srujana Challa) [Orabug: 34671021] \n- crypto: octeontx2: set sso_pf_func_ovrd only for 96xx A0/B0 (Srujana Challa) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: fix compilation warning (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: use platform_get_irq_optional for PSM GPINT2 (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: ptp: modify workaround for cn10k pps errata (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: add support to parse custom ether type (Kiran Kumar K) [Orabug: 34671021] \n- soc: octeontx2-sdp: program SDP_EPVF_RING (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- octeontx2-af: timeout while draining SSO queues (Shijith Thotton) [Orabug: 34671021] \n- firmware: mub: Add CN10K memory test configuration utility (Wojciech Bartczak) [Orabug: 34671021] \n- soc: octeontx2-sdp: remove dependency from PCI revision (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- drivers: sdhci-cadence: Fix high speed mode hold time (Jayanthi Annadurai) [Orabug: 34671021] \n- crypto: octeontx2: add support for 103xx firmware load (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: update CPT inbound inline IPsec config mailbox (Srujana Challa) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P: config is only valid on ARM64 (Dave Kleikamp) [Orabug: 34956505] \n- driver: soc: mrvl_phy7121P PHY ADVANCE FEATURES: (Narendra Hadke) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Fix incorrect PTP clock frequency. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-pf: Fix UDP/TCP src and dst port tc filters (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-af: Allow mcam entries for promiscous rule for CN10K-A and CN10K-B soc. (Suman Ghosh) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: ptp: use 950MHz clock for ptp slave (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: ptp: Fix ptp clock counter read (Naveen Mamindlapalli) [Orabug: 34671021] \n- perf/marvell: Update dev name in Marvell DDR PMU (Amit Singh Tomar) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix ethtool stats string order (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: spi: cadence-xspi: Force single modebyte (Witold Sadowski) [Orabug: 34671021] \n- octeontx2-af: fix lbk link credits on cn10k (Nithin Dabilpuram) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: add PTP slave support. (Rakesh Babu Saladi) [Orabug: 34671021] \n- perf/marvell_cn10k: support older DT properties for TAD PMU (Tanmay Jagdale) [Orabug: 34671021] \n- perf/marvell: get ddr speed from 'marvell,ddr-speed' (Amit Singh Tomar) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Fix ptp hardware clock counter conversion (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: Show count of dropped packets by DMAC filters (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: Add L2M/L2B header extraction support (Suman Ghosh) [Orabug: 34671021] \n- octeontx2-pf: Fix invalid pkt count send to dql_completed() (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: fix CPT engine recovery (Srujana Challa) [Orabug: 34671021] \n- iommu/arm-smmu-v3: Ratelimit event dump (Jean-Philippe Brucker) [Orabug: 34671021] \n- cn10k: Add workaround for MRVL TAD Errata-38891 (Bharat Bhushan) [Orabug: 34671021] \n- edac: Fix cn10ka dss error injection (Vasyl Gomonovych) [Orabug: 34671021] \n- octeontx2-af: Fix NIX link credits (Sunil Goutham) [Orabug: 34671021] \n- edac: Read sdei vector number from HEST table (Vasyl Gomonovych) [Orabug: 34671021] \n- edac: Add Core error report (Vasyl Gomonovych) [Orabug: 34671021] \n- driver: clk: Remove SCLK clock driver for ACPI platforms (Wojciech Bartczak) [Orabug: 34671021] \n- octeontx2-af: Initialize the PTP_SEC_ROLLOVER register properly (Naveen Mamindlapalli) [Orabug: 34671021] \n- cnf10k-rfoe: skb shinfo falls on a different cacheline, avoid reading it (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Adjust structure elements to reduce cache misses (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Avoid costly iova_to_virt of packet dma address in xmit (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Cleanup packet stats maintenance (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Optimize packet length retrieval for non-ecpri packets (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Remove duplicate error checking (Sunil Goutham) [Orabug: 34671021] \n- octeontx2-af: add mbox for CPT LF reset (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: cn10k: Set NIX DWRR MTU for CN10KB silicon (Sunil Goutham) [Orabug: 34671021] \n- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (Ratheesh Kannoth) [Orabug: 34671021] \n- octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: use cpt channel mask in flow install path (Nithin Dabilpuram) [Orabug: 34671021] \n- octeontx2-bphy-netdev: use sw timecounter for ptp phc (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: allow lower threshold in sso group qos mbox (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-pf: cn10k: Fix egress ratelimit configuration (Sunil Goutham) [Orabug: 34671021] \n- drivers: soc: sw_up: Add force clone option (Witold Sadowski) [Orabug: 34671021] \n- perf/marvell_cn10k: update tad property names (Tanmay Jagdale) [Orabug: 34671021] \n- octeontx2-pf: Added validation check to configure adaptive interrupt coalesing. (Suman Ghosh) [Orabug: 34671021] \n- octeontx2-af: setup Tx link credit based on lmac id (Nithin Dabilpuram) [Orabug: 34671021] \n- firmware: smccc: Reflect firmware reported smccc version (Linu Cherian) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Add PTP 2S legacy mode support. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-sdpvf: Fix PTP options for SDP interfaces (Roy Franz) [Orabug: 34671021] \n- firmware: octeontx2: Enable RPRAM driver for ASIM targets (Wojciech Bartczak) [Orabug: 34671021] \n- octeontx2-pf: Free pending and dropped SQEs (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: recover CPT engine when it gets fault (Srujana Challa) [Orabug: 34671021] \n- crypto: octeontx2: remove CPT block reset (Srujana Challa) [Orabug: 34671021] \n- octeontx2-pf: Add support for ptp 1-step using timecounter (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pf: revert the ptp phc implementation to use timecounter (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: return correct timestamp for cn10k soc (Naveen Mamindlapalli) [Orabug: 34671021] \n- misc: bphy: prevent out-of-bound array iteration (Jakub Palider) [Orabug: 34671021] \n- soc: octeontx2-sdp: Fix SDP output backpressure (Roy Franz) [Orabug: 34671021] \n- crypto: qat - add support for 401xx devices (Giovanni Cabiddu) [Orabug: 34779699] \n- tools/power turbostat: fix SPR PC6 limits (Artem Bityutskiy) [Orabug: 34802779] \n- tools/power turbostat: separate SPR from ICX (Artem Bityutskiy) [Orabug: 34802779] \n- tools/power turbostat: formatting (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: rename tcc variables (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: add TCC Offset support (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: save original CPU model (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: Fix Core C6 residency on Atom CPUs (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: Print the C-state Pre-wake settings (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Enable tsc_tweak for Elkhart Lake and Jasper Lake (Chen Yu) [Orabug: 34802779] \n- tools/power/turbostat: Remove Package C6 Retention on Ice Lake Server (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Fix offset overflow issue in index converting (Calvin Walton) [Orabug: 34802779] \n- tools/power/turbostat: Fix turbostat for AMD Zen CPUs (Bas Nieuwenhuizen) [Orabug: 34802779] \n- tools/power turbostat: update version number (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Fix DRAM Energy Unit on SKX (Zhang Rui) [Orabug: 34802779] \n- Revert 'tools/power turbostat: adjust for temperature offset' (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Support Ice Lake D (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Support Alder Lake Mobile (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: print microcode patch level (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: add built-in-counter for IPC -- Instructions per Cycle (Len Brown) [Orabug: 34802779] \n- tools/turbostat: Unmark non-kernel-doc comment (Randy Dunlap) [Orabug: 34802779] \n- tools/power/turbostat: Fallback to an MSR read for EPB (Borislav Petkov) [Orabug: 34802779] \n- tools/power turbostat: update version number (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: harden against cpu hotplug (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: adjust for temperature offset (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Support AMD Family 19h (Kim Phillips) [Orabug: 34802779] \n- tools/power turbostat: Remove empty columns for Jacobsville (Antti Laakso) [Orabug: 34802779] \n- tools/power turbostat: Add a new GFXAMHz column that exposes gt_act_freq_mhz. (Rafael Antognolli) [Orabug: 34802779] \n- tools/power turbostat: Skip pc8, pc9, pc10 columns, if they are disabled (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Fix output formatting for ACPI CST enumeration (David Arcari) [Orabug: 34802779] \n- tools/power turbostat: Use sched_getcpu() instead of hardcoded cpu 0 (Prarit Bhargava) [Orabug: 34802779] \n- tools/power turbostat: Enable accumulate RAPL display (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Introduce functions to accumulate RAPL consumption (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Make the energy variable to be 64 bit (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Always print idle in the system configuration header (Doug Smythies) [Orabug: 34802779] \n- tools/power turbostat: Print /dev/cpu_dma_latency (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: update version (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Print cpuidle information (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Support Elkhart Lake (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Support Jasper Lake (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Support Cometlake (Chen Yu) [Orabug: 34802779] \n- sch_htb: Fail on unsupported parameters when offload is requested (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_api: Don't skip qdisc attach on ingress (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_htb: Fix inconsistency when leaf qdisc creation fails (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_htb: fix refcount leak in htb_parent_to_leaf_offload (Yunjian Wang) [Orabug: 34833369] \n- sch_htb: fix null pointer dereference on a null new_q (Yunjian Wang) [Orabug: 34833369] \n- sch_htb: Fix offload cleanup in htb_destroy on htb_init failure (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_htb: Fix select_queue for non-offload mode (Maxim Mikityanskiy) [Orabug: 34833369] \n- RDS/IB: Fix the misplaced counter update rdma dto path (Devesh Sharma) [Orabug: 34865848] \n- arm64: Add AMPERE1 to the Spectre-BHB affected list (D Scott Phillips) [Orabug: 34873999] \n- net: mana: Fix race on per-CQ variable napi work_done (uek6/u3) (Haiyang Zhang) [Orabug: 34874459] \n- mips: Octeon: PCI console code was incorrectly finding the tty port (Dave Kleikamp) [Orabug: 34877981] \n- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34944087] \n- bpf,x86: Respect X86_FEATURE_RETPOLINE* (Peter Zijlstra) [Orabug: 34944087] \n- Revert 'x86/bpf: Alternative RET encoding' (Alexandre Chartre) [Orabug: 34944087] \n- xfs: don't reuse busy extents on extent trim (Brian Foster) [Orabug: 34944365]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-4139", "CVE-2022-42896"], "modified": "2023-02-14T00:00:00", "id": "ELSA-2023-12119", "href": "http://linux.oracle.com/errata/ELSA-2023-12119.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:15:52", "description": "[5.4.17-2136.316.7]\n- runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045]\n[5.4.17-2136.316.6]\n- block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] \n- powercap: intel_rapl: support new layout of Psys PowerLimit Register on SPR (Zhang Rui) [Orabug: 34953089] \n- block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 34979810] \n- usb: dwc3: core: fix kernel panic when do reboot (Peter Chen) [Orabug: 34988646] \n- usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (Jack Pham) [Orabug: 34988646]\n[5.4.17-2136.316.5]\n- net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979171]\n[5.4.17-2136.316.4]\n- Revert 'RDS: TCP: Track peer's connection generation number' (Gerd Rausch) [Orabug: 34700110] \n- net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607845] \n- net/rds: Kick-start TCP receiver after accept (Gerd Rausch) [Orabug: 34600820] \n- net/rds: Use the first lane until RDS_EXTHDR_NPATHS arrives (Gerd Rausch) [Orabug: 34314503] \n- net/rds: Encode cp_index in TCP source port (Gerd Rausch) [Orabug: 34556038] \n- net/rds: rds_tcp_conn_path_shutdown must not discard messages (Gerd Rausch) [Orabug: 34560701] \n- IB/mlx5: Add a signature check to received EQEs and CQEs (Rohit Nair) [Orabug: 34821074] \n- vhost-scsi: Fix max number of virtqueues (Mike Christie) [Orabug: 34915128] \n- uek-rpm: Add nft_reject* modules to nano rpm. (Somasundaram Krishnasamy) [Orabug: 34966035] \n- rds: ib: Avoid tear-down of caches unless already initialized (Hakon Bugge) [Orabug: 34830755] \n- x86/kexec: Do not reserve EFI setup_data in the kexec e820 table (Dave Young) [Orabug: 34864098] \n- KVM: SVM: Fix AVIC GATag to support max number of vCPUs (Suravee Suthikulpanit) [Orabug: 34961704]\n[5.4.17-2136.316.3]\n- LTS tag: v5.4.228 (Sherry Yang) \n- ASoC: ops: Correct bounds check for second channel on SX controls (Charles Keepax) \n- can: mcba_usb: Fix termination command argument (Yasushi SHOJI) \n- can: sja1000: fix size of OCR_MODE_MASK define (Heiko Schocher) \n- pinctrl: meditatek: Startup with the IRQs disabled (Ricardo Ribalda) \n- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (Mark Brown) \n- nfp: fix use-after-free in area_cache_get() (Jialiang Wang) \n- block: unhash blkdev part inode when the part is deleted (Ming Lei) \n- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (Baolin Wang) \n- x86/smpboot: Move rcu_cpu_starting() earlier (Paul E. McKenney) \n- net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head (Lorenzo Colitti) \n- LTS tag: v5.4.227 (Sherry Yang) \n- can: esd_usb: Allow REC and TEC to return to zero (Frank Jungclaus) \n- net: mvneta: Fix an out of bounds check (Dan Carpenter) \n- ipv6: avoid use-after-free in ip6_fragment() (Eric Dumazet) \n- net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() (Yang Yingliang) \n- xen/netback: fix build warning (Juergen Gross) \n- ethernet: aeroflex: fix potential skb leak in greth_init_rings() (Zhang Changzhong) \n- ipv4: Fix incorrect route flushing when table ID 0 is used (Ido Schimmel) \n- ipv4: Fix incorrect route flushing when source address is deleted (Ido Schimmel) \n- tipc: Fix potential OOB in tipc_link_proto_rcv() (YueHaibing) \n- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (Liu Jian) \n- net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (Liu Jian) \n- net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq (Yongqiang Liu) \n- net: stmmac: fix 'snps,axi-config' node property parsing (Jisheng Zhang) \n- nvme initialize core quirks before calling nvme_init_subsystem (Pankaj Raghav) \n- NFC: nci: Bounds check struct nfc_target arrays (Kees Cook) \n- i40e: Disallow ip4 and ip6 l4_4_bytes (Przemyslaw Patynowski) \n- i40e: Fix for VF MAC address 0 (Sylwester Dziedziuch) \n- i40e: Fix not setting default xps_cpus after reset (Michal Jaron) \n- net: mvneta: Prevent out of bounds read in mvneta_config_rss() (Dan Carpenter) \n- xen-netfront: Fix NULL sring after live migration (Lin Liu) \n- net: encx24j600: Fix invalid logic in reading of MISTAT register (Valentina Goncharenko) \n- net: encx24j600: Add parentheses to fix precedence (Valentina Goncharenko) \n- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (Wei Yongjun) \n- selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (Zhengchao Shao) \n- net: dsa: ksz: Check return value (Artem Chernyshev) \n- Bluetooth: Fix not cleanup led when bt_init fails (Chen Zhongjin) \n- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (Wang ShaoBo) \n- af_unix: Get user_ns from in_skb in unix_diag_get_exact(). (Kuniyuki Iwashima) \n- igb: Allocate MSI-X vector when testing (Akihiko Odaki) \n- e1000e: Fix TX dispatch condition (Akihiko Odaki) \n- gpio: amd8111: Fix PCI device reference count leak (Xiongfeng Wang) \n- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (Qiqi Zhang) \n- ca8210: Fix crash by zero initializing data (Hauke Mehrtens) \n- ieee802154: cc2520: Fix error return code in cc2520_hw_init() (Ziyang Xuan) \n- can: af_can: fix NULL pointer dereference in can_rcv_filter (Oliver Hartkopp) \n- HID: core: fix shift-out-of-bounds in hid_report_raw_event (ZhangPeng) \n- HID: hid-lg4ff: Add check for empty lbuf (Anastasia Belova) \n- HID: usbhid: Add ALWAYS_POLL quirk for some mice (Ankit Patel) \n- drm/shmem-helper: Remove errant put in error path (Rob Clark) \n- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) \n- mm/gup: fix gup_pud_range() for dax (John Starks) \n- memcg: fix possible use-after-free in memcg_write_event_control() (Tejun Heo) \n- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (Hans Verkuil) \n- Revert 'net: dsa: b53: Fix valid setting for MDB entries' (Rafal Milecki) \n- xen/netback: don't call kfree_skb() with interrupts disabled (Juergen Gross) \n- xen/netback: do some code cleanup (Juergen Gross) \n- xen/netback: Ensure protocol headers don't fall in the non-linear area (Ross Lagerwall) \n- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths (Jann Horn) \n- mm/khugepaged: fix GUP-fast interaction by sending IPI (Jann Horn) \n- mm/khugepaged: take the right locks for page table retraction (Jann Horn) \n- net: usb: qmi_wwan: add u-blox 0x1342 composition (Davide Tronchin) \n- 9p/xen: check logical size for buffer size (Dominique Martinet) \n- fbcon: Use kzalloc() in fbcon_prepare_logo() (Tetsuo Handa) \n- regulator: twl6030: fix get status of twl6032 regulators (Andreas Kemnade) \n- ASoC: soc-pcm: Add NULL check in BE reparenting (Srinivasa Rao Mandadapu) \n- btrfs: send: avoid unaligned encoded writes when attempting to clone range (Filipe Manana) \n- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (Kees Cook) \n- regulator: slg51000: Wait after asserting CS pin (Konrad Dybcio) \n- 9p/fd: Use P9_HDRSZ for header size (GUO Zihua) \n- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (Johan Jonker) \n- ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation (Giulio Benetti) \n- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (Tomislav Novak) \n- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (Johan Jonker) \n- ARM: dts: rockchip: fix ir-receiver node names (Johan Jonker) \n- arm: dts: rockchip: fix node name for hym8563 rtc (Sebastian Reichel) \n- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (FUKAUMI Naoki) \n- LTS tag: v5.4.226 (Sherry Yang) \n- ipc/sem: Fix dangling sem_array access in semtimedop race (Jann Horn) \n- v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails (Linus Torvalds) \n- mmc: sdhci: Fix voltage switch delay (Adrian Hunter) \n- mmc: sdhci: use FIELD_GET for preset value bit masks (Masahiro Yamada) \n- char: tpm: Protect tpm_pm_suspend with locks (Jan Dabros) \n- Revert 'clocksource/drivers/riscv: Events are stopped during CPU suspend' (Conor Dooley) \n- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (Michael Kelley) \n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896}\n- x86/pm: Add enumeration check before spec MSRs save/restore setup (Pawan Gupta) \n- x86/tsx: Add a feature bit for TSX control MSR support (Pawan Gupta) \n- nvme: ensure subsystem reset is single threaded (Keith Busch) \n- nvme: restrict management ioctls to admin (Keith Busch) \n- epoll: check for events when removing a timed out thread from the wait queue (Soheil Hassas Yeganeh) \n- epoll: call final ep_events_available() check under the lock (Roman Penyaev) \n- ipv4: Fix route deletion when nexthop info is not specified (Ido Schimmel) \n- ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (David Ahern) \n- selftests: net: fix nexthop warning cleanup double ip typo (Nikolay Aleksandrov) \n- selftests: net: add delete nexthop route warning test (Nikolay Aleksandrov) \n- Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled (Lee Jones) \n- parisc: Increase FRAME_WARN to 2048 bytes on parisc (Helge Deller) \n- xtensa: increase size of gcc stack frame check (Guenter Roeck) \n- parisc: Increase size of gcc stack frame check (Helge Deller) \n- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (Xiongfeng Wang) \n- pinctrl: single: Fix potential division by zero (Maxim Korotkov) \n- ASoC: ops: Fix bounds check for _sx controls (Mark Brown) \n- mm: Fix '.data.once' orphan section warning (Nathan Chancellor) \n- arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 (James Morse) \n- arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors (James Morse) \n- tracing: Free buffers when a used dynamic event is removed (Steven Rostedt (Google)) \n- mmc: sdhci-sprd: Fix no reset data and command after voltage switch (Wenchao Chen) \n- mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (Sebastian Falbesoner) \n- mmc: core: Fix ambiguous TRIM and DISCARD arg (Christian Lohle) \n- mmc: mmc_test: Fix removal of debugfs file (Ye Bin) \n- pinctrl: intel: Save and restore pins in 'direct IRQ' mode (Andy Shevchenko) \n- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (ZhangPeng) \n- tools/vm/slabinfo-gnuplot: use 'grep -E' instead of 'egrep' (Tiezhu Yang) \n- error-injection: Add prompt for function error injection (Steven Rostedt (Google)) \n- net/mlx5: DR, Fix uninitialized var warning (YueHaibing) \n- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (Yang Yingliang) \n- hwmon: (coretemp) Check for null before removing sysfs attrs (Phil Auld) \n- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (Yoshihiro Shimoda) \n- sctp: fix memory leak in sctp_stream_outq_migrate() (Zhengchao Shao) \n- packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE (Willem de Bruijn) \n- net: tun: Fix use-after-free in tun_detach() (Shigeru Yoshida) \n- afs: Fix fileserver probe RTT handling (David Howells) \n- net: hsr: Fix potential use-after-free (YueHaibing) \n- dsa: lan9303: Correct stat name (Jerry Ray) \n- net: ethernet: nixge: fix NULL dereference (Yuri Karpov) \n- net/9p: Fix a potential socket leak in p9_socket_open (Wang Hai) \n- net: net_netdev: Fix error handling in ntb_netdev_init_module() (Yuan Can) \n- net: phy: fix null-ptr-deref while probe() failed (Yang Yingliang) \n- wifi: cfg80211: fix buffer overflow in elem comparison (Johannes Berg) \n- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (Duoming Zhou) \n- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (Zhang Changzhong) \n- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (Zhang Changzhong) \n- net/mlx5e: Fix use-after-free when reverting termination table (Roi Dayan) \n- net/mlx5: Fix uninitialized variable bug in outlen_write() (YueHaibing) \n- of: property: decrement node refcount in of_fwnode_get_reference_args() (Yang Yingliang) \n- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (Gaosheng Cui) \n- hwmon: (i5500_temp) fix missing pci_disable_device() (Yang Yingliang) \n- scripts/faddr2line: Fix regression in name resolution on ppc64le (Srikar Dronamraju) \n- iio: light: rpr0521: add missing Kconfig dependencies (Paul Gazzillo) \n- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (Wei Yongjun) \n- iio: health: afe4403: Fix oob read in afe4403_read_raw (Wei Yongjun) \n- btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (ChenXiaoSong) \n- drm/amdgpu: Partially revert 'drm/amdgpu: update drm_display_info correctly when the edid is read' (Alex Deucher) \n- drm/amdgpu: update drm_display_info correctly when the edid is read (Claudio Suarez) \n- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (Nikolay Borisov) \n- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (Frieder Schrempf) \n- btrfs: free btrfs_path before copying inodes to userspace (Anand Jain) \n- fuse: lock inode unconditionally in fuse_fallocate() (Miklos Szeredi) \n- drm/i915: fix TLB invalidation for Gen12 video and compute engines (Andrzej Hajda) {CVE-2022-4139}\n- drm/amdgpu: always register an MMU notifier for userptr (Christian Konig) \n- drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN (Lyude Paul) \n- btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() (Zhen Lei) \n- btrfs: free btrfs_path before copying subvol info to userspace (Anand Jain) \n- btrfs: free btrfs_path before copying fspath to userspace (Anand Jain) \n- btrfs: free btrfs_path before copying root refs to userspace (Josef Bacik) \n- binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 (Alessandro Astone) \n- binder: Address corner cases in deferred copy and fixup (Alessandro Astone) \n- binder: fix pointer cast warning (Arnd Bergmann) \n- binder: defer copies of pre-patched txn data (Todd Kjos) \n- binder: read pre-translated fds from sender buffer (Todd Kjos) \n- binder: avoid potential data leakage when copying txn (Todd Kjos) \n- dm integrity: flush the journal on suspend (Mikulas Patocka) \n- net: usb: qmi_wwan: add Telit 0x103a composition (Enrico Sau) \n- tcp: configurable source port perturb table size (Gleb Mazovetskiy) \n- platform/x86: hp-wmi: Ignore Smart Experience App event (Kai-Heng Feng) \n- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (Hans de Goede) \n- platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (Xiongfeng Wang) \n- xen/platform-pci: add missing free_irq() in error path (ruanjinjie) \n- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (Lukas Wunner) \n- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (Hans de Goede) \n- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (Aman Dhoot) \n- gcov: clang: fix the buffer overflow issue (Mukesh Ojha) \n- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (Chen Zhongjin) \n- firmware: coreboot: Register bus in module init (Brian Norris) \n- firmware: google: Release devices before unregistering the bus (Patrick Rudolph) \n- ceph: avoid putting the realm twice when decoding snaps fails (Xiubo Li) \n- ceph: do not update snapshot context when there is no new snapshot (Xiubo Li) \n- iio: pressure: ms5611: fixed value compensation bug (Mitja Spes) \n- iio: ms5611: Simplify IO callback parameters (Lars-Peter Clausen) \n- nios2: add FORCE for vmlinuz.gz (Randy Dunlap) \n- init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (Alexandre Belloni) \n- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (Chen Zhongjin) \n- iio: light: apds9960: fix wrong register for gesture gain (Alejandro Concepcion Rodriguez) \n- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (Jakob Unterwurzacher) \n- usb: dwc3: exynos: Fix remove() function (Marek Szyprowski) \n- lib/vdso: use 'grep -E' instead of 'egrep' (Greg Kroah-Hartman) \n- s390/crashdump: fix TOD programmable field size (Heiko Carstens) \n- net: thunderx: Fix the ACPI memory leak (Yu Liao) \n- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (Martin Faltesek) \n- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- s390/dasd: fix no record found for raw_track_access (Stefan Haberland) \n- dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). (Kuniyuki Iwashima) \n- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Yang Yingliang) \n- regulator: twl6030: re-add TWL6032_SUBCLASS (Andreas Kemnade) \n- NFC: nci: fix memory leak in nci_rx_data_packet() (Liu Shixin) \n- xfrm: Fix ignored return value in xfrm6_init() (Chen Zhongjin) \n- tipc: check skb_linearize() return value in tipc_disc_rcv() (YueHaibing) \n- tipc: add an extra conn_get in tipc_conn_alloc (Xin Long) \n- tipc: set con sock in tipc_conn_alloc (Xin Long) \n- net/mlx5: Fix FW tracer timestamp calculation (Moshe Shemesh) \n- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (Yang Yingliang) \n- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (Yang Yingliang) \n- nfp: add port from netdev validation for EEPROM access (Jaco Coetzee) \n- net: pch_gbe: fix pci device refcount leak while module exiting (Yang Yingliang) \n- net/qla3xxx: fix potential memleak in ql3xxx_send() (Zhang Changzhong) \n- net/mlx4: Check retval of mlx4_bitmap_init (Peter Kosyh) \n- ARM: mxs: fix memory leak in mxs_machine_init() (Zheng Yongjun) \n- 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (Zhengchao Shao) \n- net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() (Wang Hai) \n- nfc/nci: fix race with opening and closing (Lin Ma) \n- net: liquidio: simplify if expression (Leon Romanovsky) \n- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (Michael Grzeschik) \n- tee: optee: fix possible memory leak in optee_register_device() (Yang Yingliang) \n- bus: sunxi-rsb: Support atomic transfers (Samuel Holland) \n- regulator: core: fix UAF in destroy_regulator() (Yang Yingliang) \n- regulator: core: fix kobject release warning and memory leak in regulator_register() (Zeng Heng) \n- ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (Detlev Casanova) \n- ARM: dts: am335x-pcm-953: Define fixed regulators in root node (Dominik Haller) \n- af_key: Fix send_acquire race with pfkey_register (Herbert Xu) \n- MIPS: pic32: treat port as signed integer (Jason A. Donenfeld) \n- RISC-V: vdso: Do not add missing symbols to version section in linker script (Nathan Chancellor) \n- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header. (Kuniyuki Iwashima) \n- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (Yu Kuai) \n- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (Hans de Goede) \n- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (Sean Nyekjaer) \n- wifi: mac80211: Fix ack frame idr leak when mesh has no route (Nicolas Cavallari) \n- audit: fix undefined behavior in bit shift for AUDIT_BIT (Gaosheng Cui) \n- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (Jonas Jelonek) \n- wifi: mac80211: fix memory free error when registering wiphy fail (taozhang) \n- LTS tag: v5.4.225 (Sherry Yang) \n- ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) \n- ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) \n- ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) \n- mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) \n- 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) \n- gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) \n- gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) \n- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) \n- kcm: close race conditions on sk_receive_queue (Cong Wang) \n- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) \n- kcm: avoid potential race in kcm_tx_work (Eric Dumazet) \n- tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) \n- macvlan: enforce a consistent minimal mtu (Eric Dumazet) \n- Input: i8042 - fix leaking of platform device on module removal (Chen Jun) \n- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Li Huafei) \n- scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (Yang Yingliang) \n- ring-buffer: Include dropped pages in counting dirty patches (Steven Rostedt (Google)) \n- serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) \n- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) \n- docs: update mediator contact information in CoC doc (Shuah Khan) \n- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) \n- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (Chevron Li) \n- mmc: core: properly select voltage range without power cycle (Yann Gautier) \n- scsi: zfcp: Fix double free of FSF request when qdio send fails (Benjamin Block) \n- Input: iforce - invert valid length check when fetching device IDs (Tetsuo Handa) \n- serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) \n- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) \n- dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) \n- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) \n- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) \n- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) \n- usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) \n- usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) \n- USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) \n- USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) \n- USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) \n- USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) \n- USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) \n- speakup: fix a segfault caused by switching consoles (Mushahid Hussain) \n- slimbus: stream: correct presence rate frequencies (Krzysztof Kozlowski) \n- Revert 'usb: dwc3: disable USB core PHY management' (Johan Hovold) \n- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) \n- ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) \n- ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) \n- ftrace: Optimize the allocation for mcount entries (Wang Wensheng) \n- ftrace: Fix the possible incorrect kernel message (Wang Wensheng) \n- cifs: add check for returning value of SMB2_set_info_init (Anastasia Belova) \n- net: thunderbolt: Fix error handling in tbnet_init() (Yuan Can) \n- cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) \n- net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) \n- platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (Roger Pau Monne) \n- drbd: use after free in drbd_create_device() (Dan Carpenter) \n- xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) \n- bnxt_en: Remove debugfs when pci_register_driver failed (Gaosheng Cui) \n- net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) \n- net: macvlan: Use built-in RCU list checking (Chuang Wang) \n- net: liquidio: release resources when liquidio driver open failed (Zhengchao Shao) \n- mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) \n- net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) \n- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (Yang Yingliang) \n- arm64: dts: imx8mn: Fix NAND controller size-cells (Marek Vasut) \n- arm64: dts: imx8mm: Fix NAND controller size-cells (Marek Vasut) \n- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) \n- parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) \n- siox: fix possible memory leak in siox_device_add() (Yang Yingliang) \n- block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) \n- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) \n- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) \n- serial: imx: Add missing .thaw_noirq hook (Shawn Guo) \n- serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) \n- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (Tony Lindgren) \n- serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) \n- ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) \n- spi: stm32: Print summary 'callbacks suppressed' message (Marek Vasut) \n- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (Colin Ian King) \n- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) \n- btrfs: remove pointless and double ulist frees in error paths of qgroup tests (Filipe Manana) \n- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) \n- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (Nam Cao) \n- NFSv4: Retry LOCK on OLD_STATEID during delegation return (Benjamin Coddington) \n- selftests/intel_pstate: fix build for ARCH=x86_64 (Ricardo Canuelo) \n- selftests/futex: fix build for clang (Ricardo Canuelo) \n- ASoC: codecs: jz4725b: fix capture selector naming (Siarhei Volkau) \n- ASoC: codecs: jz4725b: use right control for Capture Volume (Siarhei Volkau) \n- ASoC: codecs: jz4725b: fix reported volume for Master ctl (Siarhei Volkau) \n- ASoC: codecs: jz4725b: add missed Line In power control bit (Siarhei Volkau) \n- spi: intel: Fix the offset to get the 64K erase opcode (Mauro Lima) \n- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (Xiaolei Wang) \n- x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) \n- net: tun: call napi_schedule_prep() to ensure we own a napi (Eric Dumazet) \n- dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) \n- dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) \n- cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) \n- can: j1939: j1939_send_one(): fix missing CAN header initialization (Oliver Hartkopp) \n- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) \n- btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) \n- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) \n- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) \n- nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) \n- nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) \n- vmlinux.lds.h: Fix placement of '.data..decrypted' section (Nathan Chancellor) \n- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (Jussi Laako) \n- ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) \n- ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) \n- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (Xian Wang) \n- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) \n- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (Brian Norris) \n- MIPS: jump_label: Fix compat branch range check (Jiaxun Yang) \n- arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) \n- riscv: process: fix kernel info leakage (Jisheng Zhang) \n- net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) \n- ethernet: tundra: free irq when alloc ring failed in tsi108_open() (Zhengchao Shao) \n- net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) \n- ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) \n- cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (Zhengchao Shao) \n- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) \n- net: cpsw: disable napi in cpsw_ndo_open() (Zhengchao Shao) \n- net/mlx5: Allow async trigger completion execution on single CPU systems (Roy Novich) \n- net: nixge: disable napi when enable interrupts failed in nixge_open() (Zhengchao Shao) \n- perf stat: Fix printing os->prefix in CSV metrics output (Athira Rajeev) \n- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) \n- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) \n- dmaengine: pxa_dma: use platform_get_irq_optional (Doug Brown) \n- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) \n- can: af_can: fix NULL pointer dereference in can_rx_register() (Zhengchao Shao) \n- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) \n- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) \n- hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) \n- net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) \n- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) \n- net: fman: Unregister ethernet device on removal (Sean Anderson) \n- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) \n- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (Michael Chan) \n- net: tun: Fix memory leaks of napi_get_frags (Wang Yufen) \n- net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) \n- HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) \n- bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues (Wang Yufen) \n- wifi: cfg80211: fix memory leak in query_regdb_file() (Arend van Spriel) \n- wifi: cfg80211: silence a sparse RCU warning (Johannes Berg) \n- phy: stm32: fix an error code in probe (Dan Carpenter) \n- xfs: drain the buf delwri queue before xfsaild idles (Brian Foster) \n- xfs: preserve inode versioning across remounts (Eric Sandeen) \n- xfs: use MMAPLOCK around filemap_map_pages() (Dave Chinner) \n- xfs: redesign the reflink remap loop to fix blkres depletion crash (Darrick J. Wong) \n- xfs: rename xfs_bmap_is_real_extent to is_written_extent (Darrick J. Wong) \n- xfs: preserve rmapbt swapext block reservation from freed blocks (Brian Foster)\n[5.4.17-2136.316.2]\n- netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 31351486] \n- uek-rpm: ol7: Add enhanced kABI diagnostics (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol8: Add enhanced kABI diagnostics (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol7: Add Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol8: Add Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol7: Enable creation of Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: ol8: Enable creation of Symtypes files (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: Add kabi tool and documentation (Stephen Brennan) [Orabug: 33871940] \n- uek-rpm: update config files for SDK-11.22.10 (Dave Kleikamp) [Orabug: 34671021] \n- drivers: soc: fwlog: Fix compiler warnings (Dave Kleikamp) [Orabug: 34671021] \n- firmware: octeontx2: sfp-info: Update sfp_info_data (Piyush Malgujar) [Orabug: 34671021] \n- octeontx2-pcicons: provide toggle for trace_printk (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-af: fix TIM disable lf sequence (Pavan Nikhilesh) [Orabug: 34671021] \n- driver core: Use unbound workqueue for deferred probes (Yogesh Lal) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: fix for PTP BCN delta (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: soc: sw_up: Fix compatibility (Witold Sadowski) [Orabug: 34671021] \n- octeontx2-af: rvu: enable mcs fips mailboxes (Ankur Dwivedi) [Orabug: 34671021] \n- octeontx2-af: mcs: add mailboxes for fips (Ankur Dwivedi) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P added tc enablement command (Yi Guo) [Orabug: 34671021] \n- octeontx2-af: Don't return error when SMQ flush fails (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Use PTP ring tail index to read timestamp (Baha Mesleh) [Orabug: 34671021] \n- PCI: octeontx2-pem-ep: Setup BAR4 region for PTP block access (Roy Franz) [Orabug: 34671021] \n- octeontx2-af: mcs: set force clock enable (Ankur Dwivedi) [Orabug: 34671021] \n- drivers: pci-octeon-pem: Rectify RC link recover work (Suneel Garapati) [Orabug: 34671021] \n- octeontx2-af: Add support for RPM FEC stats (Hariprasad Kelam) [Orabug: 34671021] \n- firmware: octeontx2: sfp-info: check supported platforms first (Damian Eppel) [Orabug: 34671021] \n- drivers: pci: octeon-pem: Fix hardware issue (Suneel Garapati) [Orabug: 34671021] \n- octeontx-af: mcs: Fix mcs interrupt irq name (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-bphy-netdev: PTP 1-step improvements (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pf: Add devlink support to configure TL1 RR_PRIO (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: mcs: add port config mbox (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: mcs: add port reset mbox (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: mcs: add packet steering rules support (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: set CPT CTX ILEN to 1 (Tejasree Kondoj) [Orabug: 34671021] \n- octeontx2-af: mcs: add pn threshold mbox (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-af: mcs: extend mcs interrupt handling (Vamsi Attunuru) [Orabug: 34671021] \n- octeontx2-bphy-netdev:: Share RFOE PTP offset with host (Roy Franz) [Orabug: 34671021] \n- octeontx2-bphy-netdev: PTP BCN synchronization support for CNF10k platforms. (Rakesh Babu Saladi) [Orabug: 34671021] \n- hwrng: cn10k - Make check_rng_health() return an error code (Vladis Dronov) [Orabug: 34671021] \n- hwrng: cn10k - Optimize cn10k_rng_read() (Vladis Dronov) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Add cnf10k rfoe debugfs (Baha Mesleh) [Orabug: 34671021] \n- octeontx2-af: serialize bar2 alias access (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: add mbox to return CPT_AF_FLT_INT info (Srujana Challa) [Orabug: 34671021] \n- Revert 'octeontx2-af: set pkind for LBK interfaces' (Sunil Kovvuri Goutham) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf105xxn: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Modify PTP timestamp format. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-bphy-netdev: convert MIO_PTP_TIMESTAMP value to nsecs (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pcicons: adjust padding size for RT (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-pcicons: remove dev_err() from TTY write (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-pcicons: wait longer for the buffer (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-af: Fix return value in rvu_mbox_handler_nix_lf_stop_rx (Naveen Mamindlapalli) [Orabug: 34671021] \n- soc: octeontx2-sdp: add multi-PF support in SDP (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- firmware: smccc: Fix check for ARCH_SOC_ID not implemented (Michael Kelley) [Orabug: 34671021] \n- firmware: smccc: Export both smccc functions (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Add ARCH_SOC_ID support (Gowthami Thiagarajan) [Orabug: 34671021] \n- firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Update link to latest SMCCC specification (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Fix missing prototype warning for arm_smccc_version_init (Sudeep Holla) [Orabug: 34671021] \n- firmware: smccc: Refactor SMCCC specific bits into separate file (Gowthami Thiagarajan) [Orabug: 34671021] \n- firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (Gowthami Thiagarajan) [Orabug: 34671021] \n- firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (Sudeep Holla) [Orabug: 34671021] \n- firmware/psci: use common SMCCC_CONDUIT_* (Gowthami Thiagarajan) [Orabug: 34671021] \n- octeontx2-pf: fix hardware timestamp issue for ptp slave (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: add read back of AF_BAR2_SEL register (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: fix CPT FLT handler (Srujana Challa) [Orabug: 34671021] \n- drivers: soc: fwlog: Extend firmware bootlog support for cn10k and cn9x (Pragnesh Patel) [Orabug: 34671021] \n- octeontx2-af: remove support to limit xaq depth (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-pcicons: disable IRQ when taking a lock (Wojciech Zmuda) [Orabug: 34671021] \n- octeontx2-af: set pkind for LBK interfaces (Liron Himi) [Orabug: 34671021] \n- octeontx2-af: Generate masks for packet header fields correctly (Subbaraya Sundeep) [Orabug: 34671021] \n- misc: bphy: disable ctr module on non-BPHY boards (Jakub Palider) [Orabug: 34671021] \n- driver: mmc: sdhci-cadence: Dump more PHY registers (Chandrakala Chavva) [Orabug: 34671021] \n- uek-rpm: aarch64 embedded: disable CONFIG_EFI_BOOTEFI_BUG (Dave Kleikamp) [Orabug: 34671021] \n- octeontx2-af: fix rvu_cgx_tx_enable to return success for vfs (Naveen Mamindlapalli) [Orabug: 34671021] \n- drivers: firmware: octeontx2: Adding mub_gen dependency (Piyush Malgujar) [Orabug: 34671021] \n- drivers: sdhci-cadence: Update HS200 tuning values (Jayanthi Annadurai) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix updating JD pkt length and blocksize (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: Re-enable mac tx in otx2_stop routine (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pf: consider both Rx and Tx packet stats for adaptive interrupt coalescing (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix improper names used for IRQs. (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: sdhci-cadence: Increase hold time for HS52 and DDR52 modes (Jayanthi Annadurai) [Orabug: 34671021] \n- drivers: firmware: octeontx2: Config memtest module as trisate (Piyush Malgujar) [Orabug: 34671021] \n- driver: edac: octeontx: Add CPU RAS error report (Vasyl Gomonovych) [Orabug: 34671021] \n- perf cs-etm: Use existing decoder instead of resetting it (James Clark) [Orabug: 34671021] \n- perf cs-etm: Suppress printing when resetting decoder (James Clark) [Orabug: 34671021] \n- perf cs-etm: Only setup queues when they are modified (James Clark) [Orabug: 34671021] \n- perf cs-etm: Split setup and timestamp search functions (James Clark) [Orabug: 34671021] \n- perf cs-etm: Refactor initialisation of kernel start address (James Clark) [Orabug: 34671021] \n- perf cs-etm: Split --dump-raw-trace by AUX records (James Clark) [Orabug: 34671021] \n- perf cs-etm: Split Coresight decode by aux records (James Clark) [Orabug: 34671021] \n- perf cs-etm: Delay decode of non-timeless data until cs_etm__flush_events() (James Clark) [Orabug: 34671021] \n- perf cs-etm: Remove callback cs_etm_find_snapshot() (Leo Yan) [Orabug: 34671021] \n- perf cs-etm: Move synth_opts initialisation (James Clark) [Orabug: 34671021] \n- perf cs-etm: Set time on synthesised samples to preserve ordering (James Clark) [Orabug: 34671021] \n- perf cs-etm: Refactor timestamp variable names (James Clark) [Orabug: 34671021] \n- perf session: Add facility to peek at all events (Adrian Hunter) [Orabug: 34671021] \n- octeontx2-af: Do not use default unicast entry action always (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-af: modify FLR sequence for CPT (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: Do not read CGX FEC CSRs on CN10K (Sunil Goutham) [Orabug: 34671021] \n- drivers: firmware: octeontx2: Fix Kconfig dependency (Piyush Malgujar) [Orabug: 34671021] \n- driver :soc :phy7121:MACsec: Params support for SA (Narendra Hadke) [Orabug: 34671021] \n- octeontx2-af: Derive fifo size assigned to given LMAC (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: CN10KB MAC RPM_100/USX support (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: Support variable number of LMACS per MAC (Hariprasad Kelam) [Orabug: 34671021] \n- i2c: mv64xxx: Fix random system lock caused by runtime PM (Marek Behun) [Orabug: 34671021] \n- octeontx2-af: add support for SSO WQE stashing (Pavan Nikhilesh) [Orabug: 34671021] \n- octeontx2-af: add additional description to irqs (Pavan Nikhilesh) [Orabug: 34671021] \n- uek-rpm: update config files for SDK-11.22.08 (Dave Kleikamp) [Orabug: 34671021] \n- drivers: marvell: otx2-sdei-ghes: Fix error records overflow (Vasyl Gomonovych) [Orabug: 34671021] \n- octeontx2-af: mcs: Fix rvu mcs initialization (Geetha sowjanya) [Orabug: 34671021] \n- irqchip/gicv3-its: Workaround for Marvell errata 35443 for 9xx (Geetha sowjanya) [Orabug: 34671021] \n- driver: edac: octeontx: Refactor EDAC driver (Vasyl Gomonovych) [Orabug: 34671021] \n- drivers: soc: sw_up: Update return code handling (Witold Sadowski) [Orabug: 34671021] \n- drivers: firmware: octeontx2: fixing the return values (Piyush Malgujar) [Orabug: 34671021] \n- drivers: i2c: octeon: Skip M divider limit for OcteonTX2 (Suneel Garapati) [Orabug: 34671021] \n- driver: firmware: Fix kconfig dependencies on mhu driver (Chandrakala Chavva) [Orabug: 34671021] \n- octeontx2-af: mcs: Add SA interrupt handling support (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: add TIM adjust GTI errata workaround (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-af: add SSO XAQ AURA access errata workaround (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-af: add programming SDP BPID in cn10k (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- octeontx2-af: Enable LBK links only when switch mode is on. (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-pf: Forward VF UP messages iff VFs are present (Subbaraya Sundeep) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P added rclk command to adv feature (Yi Guo) [Orabug: 34671021] \n- octeontx2-af: mcs: Set mcs to bypass on error (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: HW workaround for NPA buffer free (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-pf: Fix SQE threshold checking (Ratheesh Kannoth) [Orabug: 34671021] \n- octeontx2-af: ptp: Fix the sequence of register configuration (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: Fixes compilation warning for KASAN build (Suman Ghosh) [Orabug: 34671021] \n- coresight: Add Coresight kdump support (Linu Cherian) [Orabug: 34671021] \n- coresight: Add provision for kdump sync callbacks (Linu Cherian) [Orabug: 34671021] \n- driver: mmc: ACPI support added for eMMC driver for T9x. (Piyush Malgujar) [Orabug: 34671021] \n- octeontx2-pf: Fix TSOv6 offload (Sunil Goutham) [Orabug: 34671021] \n- irqchip/gic-v3: Detect LPI invalidation MMIO registers (Linu Cherian) [Orabug: 34671021] \n- irqchip/gic-v3: Exposes bit values for GICR_CTLR.{IR, CES} (Marc Zyngier) [Orabug: 34671021] \n- irqchip/gic-v3-its: Allow LPI invalidation via the DirectLPI interface (Marc Zyngier) [Orabug: 34671021] \n- irqchip/gic-v3-its: Factor out wait_for_syncr primitive (Marc Zyngier) [Orabug: 34671021] \n- octeontx2-pf: Fix VF mbox forwarding handling (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-af: Fix BPID calculation for SDP (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- octeontx2-af: add support for CPT second pass (Rakesh Kudurumalla) [Orabug: 34671021] \n- octeontx2-bphy-netdev: IOCTL to read input clock parameters. (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: soc: sw_up: Add async clone support (Witold Sadowski) [Orabug: 34671021] \n- crypto: octeontx2: add CN10KB SG support (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: cnf10k-b: mcs: Add mbox to set port mode (Geetha sowjanya) [Orabug: 34671021] \n- driver: edac: octeontx: Rename some macros and variables (Chandrakala Chavva) [Orabug: 34671021] \n- crypto: octeontx2: decrease CPT_AF_CTX_FLUSH_TIMER count (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: update cpt engines status debugfs entry (Srujana Challa) [Orabug: 34671021] \n- driver: mailbox: Cleanup dead code (Wojciech Bartczak) [Orabug: 34671021] \n- drivers: marvell: otx2-sdei-ghes: Fix BERT report driver (Vasyl Gomonovych) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix cnf10k link state set (Baha Mesleh) [Orabug: 34671021] \n- otx2-bphy-netdev: synchronize BCN to PTP slave clock. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-bphy-netdev: stop pkt transmission when psm queue is disabled (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 34671021] \n- edac: Add spinlock to protect ring buffer read/write (Vasyl Gomonovych) [Orabug: 34671021] \n- EDAC: OcteonTX: Fix build issues when ACPI is disabled (Piyush Malgujar) [Orabug: 34671021] \n- drivers: soc: sw_up: Add async hash verification option (Witold Sadowski) [Orabug: 34671021] \n- octeontx2-af: Fix pf bitmap for RVU VFs (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Add debugfs support (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Support to reset MCS stats (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Support to retrieve MCS stats (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cnf10k-b: mcs: Add support for CNF10K MCS (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Install TCAM bypass entry (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Mbox handlers to establish CA (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Mbox to allocate/free MCS resources (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k-b: mcs: Allocate structs for MCS resources (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: cn10k: mcs: Add MCS basic driver support (Geetha sowjanya) [Orabug: 34671021] \n- mailbox: marvell: Initialize interrupts only if there's client for data (Wojciech Bartczak) [Orabug: 34671021] \n- mailbox: marvell: Fix driver dependencies list (Wojciech Bartczak) [Orabug: 34671021] \nheader file (Piyush Malgujar) [Orabug: 34671021] \n- EDAC: OcteonTX: Remove redundant ACPI_APEI_GHES (Vasyl Gomonovych) [Orabug: 34671021] \n- drivers: sdhci-cadence: Initialize slew and drive values (Jayanthi Annadurai) [Orabug: 34671021] \n- octeontx2-af: support overriding aura to zero for second pass (Nithin Dabilpuram) [Orabug: 34671021] \n- drivers: soc: sw_up: Use new and previous smc_update_descriptor (Witold Sadowski) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P Fixed Warnings. (Narendra Hadke) [Orabug: 34671021] \n- octeontx2-pcicons: Adjust padding size for RT (Ratheesh Kannoth) [Orabug: 34671021] \n- genirq: Increase the number of interrupters (George Cherian) [Orabug: 34671021] \n- octeontx2-af: Skip PFs if not enabled (Ratheesh Kannoth) [Orabug: 34671021] \n- crypto: octeontx2: add pdcp chain to capabilities (Srujana Challa) [Orabug: 34671021] \n- crypto: octeontx2: set sso_pf_func_ovrd only for 96xx A0/B0 (Srujana Challa) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: fix compilation warning (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: use platform_get_irq_optional for PSM GPINT2 (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: ptp: modify workaround for cn10k pps errata (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: add support to parse custom ether type (Kiran Kumar K) [Orabug: 34671021] \n- soc: octeontx2-sdp: program SDP_EPVF_RING (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- octeontx2-af: timeout while draining SSO queues (Shijith Thotton) [Orabug: 34671021] \n- firmware: mub: Add CN10K memory test configuration utility (Wojciech Bartczak) [Orabug: 34671021] \n- soc: octeontx2-sdp: remove dependency from PCI revision (Radha Mohan Chintakuntla) [Orabug: 34671021] \n- drivers: sdhci-cadence: Fix high speed mode hold time (Jayanthi Annadurai) [Orabug: 34671021] \n- crypto: octeontx2: add support for 103xx firmware load (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: update CPT inbound inline IPsec config mailbox (Srujana Challa) [Orabug: 34671021] \n- driver: soc: mrvl_phy7121P: config is only valid on ARM64 (Dave Kleikamp) [Orabug: 34956505] \n- driver: soc: mrvl_phy7121P PHY ADVANCE FEATURES: (Narendra Hadke) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Fix incorrect PTP clock frequency. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-pf: Fix UDP/TCP src and dst port tc filters (Subbaraya Sundeep) [Orabug: 34671021] \n- octeontx2-af: Allow mcam entries for promiscous rule for CN10K-A and CN10K-B soc. (Suman Ghosh) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: ptp: use 950MHz clock for ptp slave (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: ptp: Fix ptp clock counter read (Naveen Mamindlapalli) [Orabug: 34671021] \n- perf/marvell: Update dev name in Marvell DDR PMU (Amit Singh Tomar) [Orabug: 34671021] \n- octeontx2-bphy-netdev: Fix ethtool stats string order (Rakesh Babu Saladi) [Orabug: 34671021] \n- drivers: spi: cadence-xspi: Force single modebyte (Witold Sadowski) [Orabug: 34671021] \n- octeontx2-af: fix lbk link credits on cn10k (Nithin Dabilpuram) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf95n: add PTP slave support. (Rakesh Babu Saladi) [Orabug: 34671021] \n- perf/marvell_cn10k: support older DT properties for TAD PMU (Tanmay Jagdale) [Orabug: 34671021] \n- perf/marvell: get ddr speed from 'marvell,ddr-speed' (Amit Singh Tomar) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Fix ptp hardware clock counter conversion (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: Show count of dropped packets by DMAC filters (Hariprasad Kelam) [Orabug: 34671021] \n- octeontx2-af: Add L2M/L2B header extraction support (Suman Ghosh) [Orabug: 34671021] \n- octeontx2-pf: Fix invalid pkt count send to dql_completed() (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: fix CPT engine recovery (Srujana Challa) [Orabug: 34671021] \n- iommu/arm-smmu-v3: Ratelimit event dump (Jean-Philippe Brucker) [Orabug: 34671021] \n- cn10k: Add workaround for MRVL TAD Errata-38891 (Bharat Bhushan) [Orabug: 34671021] \n- edac: Fix cn10ka dss error injection (Vasyl Gomonovych) [Orabug: 34671021] \n- octeontx2-af: Fix NIX link credits (Sunil Goutham) [Orabug: 34671021] \n- edac: Read sdei vector number from HEST table (Vasyl Gomonovych) [Orabug: 34671021] \n- edac: Add Core error report (Vasyl Gomonovych) [Orabug: 34671021] \n- driver: clk: Remove SCLK clock driver for ACPI platforms (Wojciech Bartczak) [Orabug: 34671021] \n- octeontx2-af: Initialize the PTP_SEC_ROLLOVER register properly (Naveen Mamindlapalli) [Orabug: 34671021] \n- cnf10k-rfoe: skb shinfo falls on a different cacheline, avoid reading it (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Adjust structure elements to reduce cache misses (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Avoid costly iova_to_virt of packet dma address in xmit (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Cleanup packet stats maintenance (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Optimize packet length retrieval for non-ecpri packets (Sunil Goutham) [Orabug: 34671021] \n- cnf10k-rfoe: Remove duplicate error checking (Sunil Goutham) [Orabug: 34671021] \n- octeontx2-af: add mbox for CPT LF reset (Srujana Challa) [Orabug: 34671021] \n- octeontx2-af: cn10k: Set NIX DWRR MTU for CN10KB silicon (Sunil Goutham) [Orabug: 34671021] \n- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (Ratheesh Kannoth) [Orabug: 34671021] \n- octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: use cpt channel mask in flow install path (Nithin Dabilpuram) [Orabug: 34671021] \n- octeontx2-bphy-netdev: use sw timecounter for ptp phc (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: allow lower threshold in sso group qos mbox (Shijith Thotton) [Orabug: 34671021] \n- octeontx2-pf: cn10k: Fix egress ratelimit configuration (Sunil Goutham) [Orabug: 34671021] \n- drivers: soc: sw_up: Add force clone option (Witold Sadowski) [Orabug: 34671021] \n- perf/marvell_cn10k: update tad property names (Tanmay Jagdale) [Orabug: 34671021] \n- octeontx2-pf: Added validation check to configure adaptive interrupt coalesing. (Suman Ghosh) [Orabug: 34671021] \n- octeontx2-af: setup Tx link credit based on lmac id (Nithin Dabilpuram) [Orabug: 34671021] \n- firmware: smccc: Reflect firmware reported smccc version (Linu Cherian) [Orabug: 34671021] \n- octeontx2-bphy-netdev: cnf10k: Add PTP 2S legacy mode support. (Rakesh Babu Saladi) [Orabug: 34671021] \n- octeontx2-sdpvf: Fix PTP options for SDP interfaces (Roy Franz) [Orabug: 34671021] \n- firmware: octeontx2: Enable RPRAM driver for ASIM targets (Wojciech Bartczak) [Orabug: 34671021] \n- octeontx2-pf: Free pending and dropped SQEs (Geetha sowjanya) [Orabug: 34671021] \n- octeontx2-af: recover CPT engine when it gets fault (Srujana Challa) [Orabug: 34671021] \n- crypto: octeontx2: remove CPT block reset (Srujana Challa) [Orabug: 34671021] \n- octeontx2-pf: Add support for ptp 1-step using timecounter (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-pf: revert the ptp phc implementation to use timecounter (Naveen Mamindlapalli) [Orabug: 34671021] \n- octeontx2-af: return correct timestamp for cn10k soc (Naveen Mamindlapalli) [Orabug: 34671021] \n- misc: bphy: prevent out-of-bound array iteration (Jakub Palider) [Orabug: 34671021] \n- soc: octeontx2-sdp: Fix SDP output backpressure (Roy Franz) [Orabug: 34671021] \n- crypto: qat - add support for 401xx devices (Giovanni Cabiddu) [Orabug: 34779699] \n- tools/power turbostat: fix SPR PC6 limits (Artem Bityutskiy) [Orabug: 34802779] \n- tools/power turbostat: separate SPR from ICX (Artem Bityutskiy) [Orabug: 34802779] \n- tools/power turbostat: formatting (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: rename tcc variables (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: add TCC Offset support (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: save original CPU model (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: Fix Core C6 residency on Atom CPUs (Zhang Rui) [Orabug: 34802779] \n- tools/power turbostat: Print the C-state Pre-wake settings (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Enable tsc_tweak for Elkhart Lake and Jasper Lake (Chen Yu) [Orabug: 34802779] \n- tools/power/turbostat: Remove Package C6 Retention on Ice Lake Server (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Fix offset overflow issue in index converting (Calvin Walton) [Orabug: 34802779] \n- tools/power/turbostat: Fix turbostat for AMD Zen CPUs (Bas Nieuwenhuizen) [Orabug: 34802779] \n- tools/power turbostat: update version number (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Fix DRAM Energy Unit on SKX (Zhang Rui) [Orabug: 34802779] \n- Revert 'tools/power turbostat: adjust for temperature offset' (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Support Ice Lake D (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Support Alder Lake Mobile (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: print microcode patch level (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: add built-in-counter for IPC -- Instructions per Cycle (Len Brown) [Orabug: 34802779] \n- tools/turbostat: Unmark non-kernel-doc comment (Randy Dunlap) [Orabug: 34802779] \n- tools/power/turbostat: Fallback to an MSR read for EPB (Borislav Petkov) [Orabug: 34802779] \n- tools/power turbostat: update version number (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: harden against cpu hotplug (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: adjust for temperature offset (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Support AMD Family 19h (Kim Phillips) [Orabug: 34802779] \n- tools/power turbostat: Remove empty columns for Jacobsville (Antti Laakso) [Orabug: 34802779] \n- tools/power turbostat: Add a new GFXAMHz column that exposes gt_act_freq_mhz. (Rafael Antognolli) [Orabug: 34802779] \n- tools/power turbostat: Skip pc8, pc9, pc10 columns, if they are disabled (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Fix output formatting for ACPI CST enumeration (David Arcari) [Orabug: 34802779] \n- tools/power turbostat: Use sched_getcpu() instead of hardcoded cpu 0 (Prarit Bhargava) [Orabug: 34802779] \n- tools/power turbostat: Enable accumulate RAPL display (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Introduce functions to accumulate RAPL consumption (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Make the energy variable to be 64 bit (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Always print idle in the system configuration header (Doug Smythies) [Orabug: 34802779] \n- tools/power turbostat: Print /dev/cpu_dma_latency (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: update version (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Print cpuidle information (Len Brown) [Orabug: 34802779] \n- tools/power turbostat: Support Elkhart Lake (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Support Jasper Lake (Chen Yu) [Orabug: 34802779] \n- tools/power turbostat: Support Cometlake (Chen Yu) [Orabug: 34802779] \n- sch_htb: Fail on unsupported parameters when offload is requested (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_api: Don't skip qdisc attach on ingress (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_htb: Fix inconsistency when leaf qdisc creation fails (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_htb: fix refcount leak in htb_parent_to_leaf_offload (Yunjian Wang) [Orabug: 34833369] \n- sch_htb: fix null pointer dereference on a null new_q (Yunjian Wang) [Orabug: 34833369] \n- sch_htb: Fix offload cleanup in htb_destroy on htb_init failure (Maxim Mikityanskiy) [Orabug: 34833369] \n- sch_htb: Fix select_queue for non-offload mode (Maxim Mikityanskiy) [Orabug: 34833369] \n- RDS/IB: Fix the misplaced counter update rdma dto path (Devesh Sharma) [Orabug: 34865848] \n- arm64: Add AMPERE1 to the Spectre-BHB affected list (D Scott Phillips) [Orabug: 34873999] \n- net: mana: Fix race on per-CQ variable napi work_done (uek6/u3) (Haiyang Zhang) [Orabug: 34874459] \n- mips: Octeon: PCI console code was incorrectly finding the tty port (Dave Kleikamp) [Orabug: 34877981] \n- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34944087] \n- bpf,x86: Respect X86_FEATURE_RETPOLINE* (Peter Zijlstra) [Orabug: 34944087] \n- Revert 'x86/bpf: Alternative RET encoding' (Alexandre Chartre) [Orabug: 34944087] ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-4139", "CVE-2022-42896"], "modified": "2023-02-14T00:00:00", "id": "ELSA-2023-12121", "href": "http://linux.oracle.com/errata/ELSA-2023-12121.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-17T16:38:24", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5780-1 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-14T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5780-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3524", "CVE-2022-3619", "CVE-2022-3628", "CVE-2022-42895", "CVE-2022-42896"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-6.0.0-1008-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-5780-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168733", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5780-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168733);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-3524\",\n \"CVE-2022-3619\",\n \"CVE-2022-3628\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\"\n );\n script_xref(name:\"USN\", value:\"5780-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5780-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5780-1 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the\n identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5780-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-6.0.0-1008-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(6.0.0-\\d{4}-oem)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"6.0.0-\\d{4}-oem\" : \"6.0.0-1008\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5780-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3524', 'CVE-2022-3619', 'CVE-2022-3628', 'CVE-2022-42895', 'CVE-2022-42896');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5780-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:54", "description": "The version of kernel installed on the remote host is prior to 4.14.301-224.520. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1903 advisory.\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-13T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2022-1903)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3524", "CVE-2022-42896"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.301-224.520", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1903.NASL", "href": "https://www.tenable.com/plugins/nessus/168676", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1903.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168676);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2022-3524\", \"CVE-2022-42896\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2022-1903)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.301-224.520. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1903 advisory.\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1903.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-3524.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42896.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.301-224.520\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-3524\", \"CVE-2022-42896\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1903\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.301-224.520.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.301-224.520-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.301-224.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.301-224.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:40:26", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12117 advisory.\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2023-12117)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3303", "CVE-2022-3524", "CVE-2022-3640", "CVE-2022-42895", "CVE-2022-42896"], "modified": "2023-02-14T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2023-12117.NASL", "href": "https://www.tenable.com/plugins/nessus/171398", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12117.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171398);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/14\");\n\n script_cve_id(\n \"CVE-2022-3303\",\n \"CVE-2022-3524\",\n \"CVE-2022-3640\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2023-12117)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2023-12117 advisory.\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12117.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.522.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12117');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.522.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.522.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.522.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.522.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.522.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.522.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-4.14.35'},\n {'reference':'python-perf-4.14.35-2047.522.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:40:27", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-12118 advisory.\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-12118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3303", "CVE-2022-3524", "CVE-2022-3640", "CVE-2022-42895", "CVE-2022-42896"], "modified": "2023-02-14T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2023-12118.NASL", "href": "https://www.tenable.com/plugins/nessus/171397", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12118.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171397);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/14\");\n\n script_cve_id(\n \"CVE-2022-3303\",\n \"CVE-2022-3524\",\n \"CVE-2022-3640\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-12118)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2023-12118 advisory.\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12118.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.522.3.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12118');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.522.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:31", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0420-1 advisory.\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\n - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0420-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9517", "CVE-2022-3564", "CVE-2022-3643", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4662", "CVE-2022-47929", "CVE-2023-23454", "CVE-2023-23455"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2023-0420-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171538", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0420-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171538);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\n \"CVE-2018-9517\",\n \"CVE-2022-3564\",\n \"CVE-2022-3643\",\n \"CVE-2022-4662\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-47929\",\n \"CVE-2023-23454\",\n \"CVE-2023-23455\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0420-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0420-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2023:0420-1 advisory.\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local\n escalation of privilege with System execution privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches\n usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows\n an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control\n configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in\n net/sched/sch_api.c. (CVE-2022-47929)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial\n of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes\n indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\n - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial\n of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition\n rather than valid classification results). (CVE-2023-23455)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1108488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207237\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013767.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2eb4955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-47929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23455\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.199.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.199.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.199.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.199.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.199.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.199.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.199.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:57", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12018 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2023-12018.NASL", "href": "https://www.tenable.com/plugins/nessus/169923", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12018.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169923);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-4378\", \"CVE-2022-42895\", \"CVE-2022-42896\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2023-12018 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12018.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-6.80.3.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12018');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-6.80.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-6.80.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:25", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12017 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2023-12017.NASL", "href": "https://www.tenable.com/plugins/nessus/169924", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-12017.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169924);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-4378\", \"CVE-2022-42895\", \"CVE-2022-42896\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2023-12017 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-12017.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-6.80.3.1.el8uek', '5.15.0-6.80.3.1.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12017');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-6.80.3.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-6.80.3.1.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-6.80.3.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:35", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0148-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. (CVE-2022-3107)\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0148-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3107", "CVE-2022-3108", "CVE-2022-3564", "CVE-2022-4662"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2023-0148-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170708", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0148-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170708);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\n \"CVE-2022-3107\",\n \"CVE-2022-3108\",\n \"CVE-2022-3564\",\n \"CVE-2022-4662\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0148-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0148-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2023:0148-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in\n drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the\n null pointer dereference. (CVE-2022-3107)\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in\n drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches\n usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206896\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-January/013532.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72b546a8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'dlm-kmp-rt-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'gfs2-kmp-rt-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-devel-rt-4.12.14-10.112.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-base-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-devel-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-devel-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-source-rt-4.12.14-10.112.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-syms-rt-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'ocfs2-kmp-rt-4.12.14-10.112.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:41:13", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0407-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0407-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564", "CVE-2022-4662", "CVE-2022-47929", "CVE-2023-23454"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_117-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2023-0407-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171488", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0407-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171488);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\n \"CVE-2022-3564\",\n \"CVE-2022-4662\",\n \"CVE-2022-47929\",\n \"CVE-2023-23454\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0407-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0407-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2023:0407-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches\n usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows\n an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control\n configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in\n net/sched/sch_api.c. (CVE-2022-47929)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial\n of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes\n indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207237\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013758.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e72f3ecf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-47929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23454\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-95.117.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.117.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.117.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.117.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'kernel-default-kgraft-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kgraft-patch-4_12_14-95_117-default-1-6.3.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-man-4.12.14-95.117.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.117.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:18", "description": "The version of kernel installed on the remote host is prior to 4.14.299-223.520. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1888 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2022-1888)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-20369", "CVE-2022-26373", "CVE-2022-3564", "CVE-2022-42895"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.299-223.520", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1888.NASL", "href": "https://www.tenable.com/plugins/nessus/168430", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1888.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168430);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-3564\",\n \"CVE-2022-20369\",\n \"CVE-2022-26373\",\n \"CVE-2022-42895\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2022-1888)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.299-223.520. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1888 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1888.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-20369.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26373.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-3564.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42895.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.299-223.520\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-3564\", \"CVE-2022-20369\", \"CVE-2022-26373\", \"CVE-2022-42895\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1888\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.299-223.520.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.299-223.520-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.299-223.520.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.299-223.520.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:46:32", "description": "The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4662 advisory.\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: kernel (CVE-2022-4662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-4662"], "modified": "2023-03-20T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:bpftool", "p-cpe:/a:microsoft:cbl-mariner:kernel", "p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:kernel-devel", "p-cpe:/a:microsoft:cbl-mariner:kernel-docs", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-gpu", "p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound", "p-cpe:/a:microsoft:cbl-mariner:kernel-dtb", "p-cpe:/a:microsoft:cbl-mariner:kernel-tools", "p-cpe:/a:microsoft:cbl-mariner:python3-perf", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_KERNEL_CVE-2022-4662.NASL", "href": "https://www.tenable.com/plugins/nessus/172877", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172877);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/20\");\n\n script_cve_id(\"CVE-2022-4662\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: kernel (CVE-2022-4662)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,\naffected by a vulnerability as referenced in the CVE-2022-4662 advisory.\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches\n usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2022-4662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-4662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/12/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-gpu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-dtb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-docs-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-accessibility-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-gpu-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-gpu-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-drivers-sound-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-dtb-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.92.1-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.92.1-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:45", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5879-1 advisory.\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-16T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3619", "CVE-2022-3628", "CVE-2022-3640", "CVE-2022-3643", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-4378", "CVE-2022-45934", "CVE-2023-0590"], "modified": "2023-02-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae"], "id": "UBUNTU_USN-5879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171574", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5879-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171574);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/16\");\n\n script_cve_id(\n \"CVE-2022-3619\",\n \"CVE-2022-3628\",\n \"CVE-2022-3640\",\n \"CVE-2022-3643\",\n \"CVE-2022-4378\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-45934\",\n \"CVE-2023-0590\"\n );\n script_xref(name:\"USN\", value:\"5879-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5879-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5879-1 advisory.\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the\n identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC\n interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It\n appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol\n headers are all contained within the linear section of the SKB and some NICs behave badly if this is not\n the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)\n though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with\n split headers, netback will forward those violating above mentioned assumption to the networking core,\n resulting in said misbehavior. (CVE-2022-3643)\n\n - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain\n kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their\n privileges on the system. (CVE-2022-4378)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c\n has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5879-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3643\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-32-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.19.0-\\d{2}-(generic|generic-64k|generic-lpae))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)\" : \"5.19.0-32\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5879-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3619', 'CVE-2022-3628', 'CVE-2022-3640', 'CVE-2022-3643', 'CVE-2022-4378', 'CVE-2022-42895', 'CVE-2022-42896', 'CVE-2022-45934', 'CVE-2023-0590');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5879-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:41:59", "description": "The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5850-1 advisory.\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-09T00:00:00", "type": "nessus", "title": "Ubuntu 22.10 : Linux kernel vulnerabilities (USN-5850-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3619", "CVE-2022-3628", "CVE-2022-3640", "CVE-2022-42895", "CVE-2023-0590"], "modified": "2023-04-04T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1013-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1013-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1017-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1018-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1019-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-31-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-31-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-31-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae"], "id": "UBUNTU_USN-5850-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171249", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5850-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171249);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/04\");\n\n script_cve_id(\n \"CVE-2022-3619\",\n \"CVE-2022-3628\",\n \"CVE-2022-3640\",\n \"CVE-2022-42895\",\n \"CVE-2023-0590\"\n );\n script_xref(name:\"USN\", value:\"5850-1\");\n\n script_name(english:\"Ubuntu 22.10 : Linux kernel vulnerabilities (USN-5850-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nUSN-5850-1 advisory.\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the\n identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race\n problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race\n condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5850-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3640\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1013-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1013-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1017-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1018-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1019-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-31-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-31-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-31-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)|5.19.0-\\d{4}-(aws|kvm|oracle|raspi|raspi-nolpae))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.19.0-\\d{2}-(generic|generic-64k|generic-lpae)\" : \"5.19.0-31\",\n \"5.19.0-\\d{4}-(raspi|raspi-nolpae)\" : \"5.19.0-1013\",\n \"5.19.0-\\d{4}-aws\" : \"5.19.0-1019\",\n \"5.19.0-\\d{4}-kvm\" : \"5.19.0-1018\",\n \"5.19.0-\\d{4}-oracle\" : \"5.19.0-1017\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5850-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3619', 'CVE-2022-3628', 'CVE-2022-3640', 'CVE-2022-42895', 'CVE-2023-0590');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5850-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:31", "description": "The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5878-1 advisory.\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-17T00:00:00", "type": "nessus", "title": "Ubuntu 22.10 : Linux kernel (Azure) vulnerabilities (USN-5878-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3619", "CVE-2022-3628", "CVE-2022-3640", "CVE-2022-42895", "CVE-2023-0590"], "modified": "2023-04-04T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1020-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure"], "id": "UBUNTU_USN-5878-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171592", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5878-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171592);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/04\");\n\n script_cve_id(\n \"CVE-2022-3619\",\n \"CVE-2022-3628\",\n \"CVE-2022-3640\",\n \"CVE-2022-42895\",\n \"CVE-2023-0590\"\n );\n script_xref(name:\"USN\", value:\"5878-1\");\n\n script_name(english:\"Ubuntu 22.10 : Linux kernel (Azure) vulnerabilities (USN-5878-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nUSN-5878-1 advisory.\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the\n identifier assigned to this vulnerability. (CVE-2022-3619)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race\n problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race\n condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5878-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3640\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1020-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.19.0-\\d{4}-azure)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.19.0-\\d{4}-azure\" : \"5.19.0-1020\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5878-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3619', 'CVE-2022-3628', 'CVE-2022-3640', 'CVE-2022-42895', 'CVE-2023-0590');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5878-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:35", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0145-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. (CVE-2022-3107)\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2023:0145-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3107", "CVE-2022-3108", "CVE-2022-3564", "CVE-2022-4662", "CVE-2023-23454"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_147-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel"], "id": "SUSE_SU-2023-0145-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170704", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0145-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170704);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\n \"CVE-2022-3107\",\n \"CVE-2022-3108\",\n \"CVE-2022-3564\",\n \"CVE-2022-4662\",\n \"CVE-2023-23454\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0145-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2023:0145-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:0145-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in\n drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the\n null pointer dereference. (CVE-2022-3107)\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in\n drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches\n usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial\n of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes\n indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207195\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-January/013526.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c791f1eb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23454\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_147-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.147.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.147.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.147.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.147.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_147-default-1-8.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:38:25", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5783-1 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-16T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerability (USN-5783-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42896"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1025-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-5783-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168883", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5783-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168883);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-42896\");\n script_xref(name:\"USN\", value:\"5783-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerability (USN-5783-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-5783-1 advisory.\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5783-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1025-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(22\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.17.0-\\d{4}-oem)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.17.0-\\d{4}-oem\" : \"5.17.0-1025\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5783-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-42896');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5783-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:33", "description": "The version of kernel installed on the remote host is prior to 4.14.301-153.528. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1707 advisory.\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-22T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2023-1707)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3524"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2023-1707.NASL", "href": "https://www.tenable.com/plugins/nessus/173274", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1707.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173274);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\"CVE-2022-3524\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2023-1707)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.301-153.528. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2023-1707 advisory.\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1707.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-3524.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3524\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-3524\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2023-1707\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.301-153.528.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.301-153.528.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:37:25", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. (CVE-2022-3565)\n\n - A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. (CVE-2022-3566)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. (CVE-2022-3567)\n\n - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. (CVE-2022-3586)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.\n (CVE-2022-3594)\n\n - A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. (CVE-2022-3629)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space client to corrupt the monitor's internal memory. (CVE-2022-43750)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-1126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3524", "CVE-2022-3542", "CVE-2022-3545", "CVE-2022-3564", "CVE-2022-3565", "CVE-2022-3566", "CVE-2022-3567", "CVE-2022-3586", "CVE-2022-3594", "CVE-2022-3625", "CVE-2022-3628", "CVE-2022-3629", "CVE-2022-41674", "CVE-2022-41850", "CVE-2022-41858", "CVE-2022-42703", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-43750"], "modified": "2023-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2023-1126.NASL", "href": "https://www.tenable.com/plugins/nessus/169624", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169624);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/06\");\n\n script_cve_id(\n \"CVE-2022-3524\",\n \"CVE-2022-3542\",\n \"CVE-2022-3545\",\n \"CVE-2022-3564\",\n \"CVE-2022-3565\",\n \"CVE-2022-3566\",\n \"CVE-2022-3567\",\n \"CVE-2022-3586\",\n \"CVE-2022-3594\",\n \"CVE-2022-3625\",\n \"CVE-2022-3628\",\n \"CVE-2022-3629\",\n \"CVE-2022-41674\",\n \"CVE-2022-41850\",\n \"CVE-2022-41858\",\n \"CVE-2022-42703\",\n \"CVE-2022-42895\",\n \"CVE-2022-42896\",\n \"CVE-2022-43750\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-1126)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to\n memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.\n The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)\n\n - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability\n is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the\n component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this\n issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue\n is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier\n of this vulnerability is VDB-211088. (CVE-2022-3565)\n\n - A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function\n tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It\n is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this\n vulnerability. (CVE-2022-3566)\n\n - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects\n the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to\n race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier\n assigned to this vulnerability. (CVE-2022-3567)\n\n - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb\n enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)\n into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of\n service. (CVE-2022-3586)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this\n vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The\n manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to\n apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.\n (CVE-2022-3594)\n\n - A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function\n devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier\n VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)\n\n - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects\n the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It\n is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this\n vulnerability. (CVE-2022-3629)\n\n - An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could\n cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect\n and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)\n remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within\n proximity of the victim. We recommend upgrading past commit https://www.google.com/url\n https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\n https://www.google.com/url (CVE-2022-42896)\n\n - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-\n space client to corrupt the monitor's internal memory. (CVE-2022-43750)\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in\n progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to\n crash the system or leak internal kernel information. (CVE-2022-41858)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1126\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?513f979a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.1.6.h902.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h902.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h902.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h902.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:00", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0560-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-01T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 26 for SLE 12 SP4) (SUSE-SU-2023:0560-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_96-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0560-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172019", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0560-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172019);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2022-3564\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0560-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 26 for SLE 12 SP4) (SUSE-SU-2023:0560-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2023:0560-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206314\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013924.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2ab10de\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150200_24_112-default, kgraft-patch-4_12_14-122_116-default and / or kgraft-\npatch-4_12_14-95_96-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.116-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_116-default-12-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-95.96-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_96-default-12-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '5.3.18-150200.24.112-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_112-default-13-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150200_24_112-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:40:59", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0528-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 25 for SLE 12 SP4) (SUSE-SU-2023:0528-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0528-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171955", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0528-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171955);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2022-3564\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0528-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 25 for SLE 12 SP4) (SUSE-SU-2023:0528-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2023:0528-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206314\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013896.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9bf5f18e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-197_108-default, kgraft-patch-4_12_14-122_113-default and / or kgraft-\npatch-4_12_14-95_93-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.113-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_113-default-14-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-197.108-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-197_108-default-13-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.93-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_93-default-13-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-197_108-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T17:41:00", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0525-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 32 for SLE 15 SP2) (SUSE-SU-2023:0525-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_139-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_139-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0525-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171946", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0525-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171946);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2022-3564\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0525-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 32 for SLE 15 SP2) (SUSE-SU-2023:0525-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2023:0525-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206314\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013895.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?231b79a9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-5_3_18-150200_24_139-default and / or kgraft-patch-4_12_14-122_139-default\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_139-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_139-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.139-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_139-default-3-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '5.3.18-150200.24.139-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_139-default-2-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150200_24_139-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:36", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0552-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP2) (SUSE-SU-2023:0552-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_124-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_105-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0552-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171944", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0552-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171944);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2022-3564\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0552-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP2) (SUSE-SU-2023:0552-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2023:0552-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206314\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013900.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce83f7a9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150100_197_111-default, kernel-livepatch-5_3_18-24_107-default, kgraft-\npatch-4_12_14-122_124-default and / or kgraft-patch-4_12_14-95_105-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_124-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.124-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_124-default-9-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-150100.197.111-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_111-default-12-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.105-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_105-default-7-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '5.3.18-24.107-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_107-default-17-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150100_197_111-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:57", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0519-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 32 for SLE 12 SP4) (SUSE-SU-2023:0519-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_131-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_114-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0519-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171911", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0519-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171911);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\"CVE-2022-3564\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0519-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 32 for SLE 12 SP4) (SUSE-SU-2023:0519-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2023:0519-1 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206314\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013889.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d483c3a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150100_197_131-default and / or kgraft-patch-4_12_14-95_114-default\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_131-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_114-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-150100.197.131-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_131-default-2-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.114-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_114-default-2-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150100_197_131-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T00:41:22", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3278 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-23T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2023:3278)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:7.7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_71_1"], "id": "REDHAT-RHSA-2023-3278.NASL", "href": "https://www.tenable.com/plugins/nessus/176245", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:3278. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176245);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2022-3564\");\n script_xref(name:\"RHSA\", value:\"2023:3278\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2023:3278)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2023:3278 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:3278\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kpatch-patch-3_10_0-1062_71_1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_71_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1062.71.1.el7.ppc64le': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_71_1-1-1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.71.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_71_1-1-1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1062_71_1');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T00:42:08", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3277 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-23T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2023:3277)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3564"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2023-3277.NASL", "href": "https://www.tenable.com/plugins/nessus/176247", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:3277. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176247);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2022-3564\");\n script_xref(name:\"RHSA\", value:\"2023:3277\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2023:3277)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2023:3277 advisory.\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:3277\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-3564');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2023:3277');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.72.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-bootwrapper-3.10.0-1062.72.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:25", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5853-1 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-09T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5853-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3628", "CVE-2022-3640", "CVE-2022-3649", "CVE-2022-41849", "CVE-2022-41850", "CVE-2022-42895"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1064-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1080-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1093-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1096-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1103-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-139-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-139-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-139-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi"], "id": "UBUNTU_USN-5853-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171261", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5853-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171261);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2022-3628\",\n \"CVE-2022-3640\",\n \"CVE-2022-3649\",\n \"CVE-2022-41849\",\n \"CVE-2022-41850\",\n \"CVE-2022-42895\"\n );\n script_xref(name:\"USN\", value:\"5853-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5853-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5853-1 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs\n when a user connects to a malicious USB device. This can allow a local user to crash the system or\n escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function\n l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads\n to use after free. It is recommended to apply a patch to fix this issue. The identifier of this\n vulnerability is VDB-211944. (CVE-2022-3640)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function\n nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after\n free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-\n after-free if a physically proximate attacker removes a USB device while calling open(), aka a race\n condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req\n function which can be used to leak kernel pointers remotely. We recommend upgrading past commit\n https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\n https://www.google.com/url (CVE-2022-42895)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5853-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3640\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1064-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1080-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1086-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1093-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1096-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1103-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-139-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-139-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-139-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)|5.4.0-\\d{4}-(aws|azure|gkeop|kvm|oracle|raspi))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.4.0-\\d{3}-(generic|generic-lpae|lowlatency)\" : \"5.4.0-139\",\n \"5.4.0-\\d{4}-aws\" : \"5.4.0-1096\",\n \"5.4.0-\\d{4}-azure\" : \"5.4.0-1103\",\n \"5.4.0-\\d{4}-gkeop\" : \"5.4.0-1064\",\n \"5.4.0-\\d{4}-kvm\" : \"5.4.0-1086\",\n \"5.4.0-\\d{4}-oracle\" : \"5.4.0-1093\",\n \"5.4.0-\\d{4}-raspi\" : \"5.4.0-1080\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D.*?)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5853-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-3628', 'CVE-2022-3640', 'CVE-2022-3649', 'CVE-2022-41849', 'CVE-2022-41850', 'CVE-2022-42895');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5853-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:28", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0410-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. (CVE-2022-3107)\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:0410-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3107", "CVE-2022-3108", "CVE-2022-3564", "CVE-2022-4662", "CVE-2022-47929", "CVE-2023-23454"], "modified": "2023-03-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_134-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0410-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171485", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0410-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171485);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/07\");\n\n script_cve_id(\n \"CVE-2022-3107\",\n \"CVE-2022-3108\",\n \"CVE-2022-3564\",\n \"CVE-2022-4662\",\n \"CVE-2022-47929\",\n \"CVE-2023-23454\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0410-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:0410-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:0410-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in\n drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the\n null pointer dereference. (CVE-2022-3107)\n\n - An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in\n drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)\n\n - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the\n function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The\n manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated\n identifier of this vulnerability is VDB-211087. (CVE-2022-3564)\n\n - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches\n usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)\n\n - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows\n an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control\n configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in\n net/sched/sch_api.c. (CVE-2022-47929)\n\n - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial\n of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes\n indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1206784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207237\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-February/013764.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?077e5fde\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-4662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-47929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23454\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_134-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-devel-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-macros-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-source-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-devel-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-macros-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-source-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-debug-base-4.12.14-150100.197.134.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-man-4.12.14-150100.197.134.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-base-4.12.14-150100.197.134.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-4.12.14-150100.197.134.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-base-4.12.14-150100.197.134.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-devel-4.12.14-150100.197.134.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-150100.197.134.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-zfcpdump-man-4.12.14-150100.197.134.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'dlm-kmp-default-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'gfs2-kmp-default-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'ocfs2-kmp-default-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'kernel-default-livepatch-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-livepatch-devel-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-livepatch-4_12_14-150100_197_134-default-1-150100.3.3.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-man-4.12.14-150100.197.134.1', 'sp':'1', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.134.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:01", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5918-1 advisory.\n\n - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)\n\n - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. (CVE-2022-3640)\n\n - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)\n\n - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.\n The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)\n\n - drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url (CVE-2022-42895)\n\n - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)\n\n - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)\n\n - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)\n\n - In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References:\n Upstream kernel (CVE-2023-20928)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-04T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-5918-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3628", "CVE-2022-3640", "CVE-2022-3643", "CVE-2022-3649", "CVE-2022-41849", "CVE-2022-41850", "CVE-2022-42895", "CVE-2022-42896", "CVE-2022-43945", "CVE-2022-45934", "CVE-2023-20928"], "modified": "2023-03-06T00:

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12109)

Description

Related