OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)

2017-05-17T00:00:00

Description

The remote OracleVM system is missing - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] (CVE-2017-7895) - ocfs2/o2net: o2net_listen_data_ready should do nothing 25510857] - IB/CORE: sync the resouce access in fmr_pool (Wengang - ipv6: Skip XFRM lookup if dst_entry in socket cache is - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) - signal: protect SIGNAL_UNKILLABLE from unintentional - KVM: x86: fix emulation of 'MOV SS, null selector' - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo - tcp: avoid infinite loop in tcp_splice_read (Eric - USB: visor: fix null-deref at probe (Johan Hovold) - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr - vhost: actually track log eventfd file (Marc-Andr&eacute - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL - KEYS: Remove key_type::match in favour of overriding 25823965] (CVE-2017-2647) (CVE-2017-2647) - USB: whiteheat: fix potential null-deref at probe (Johan - RDS: fix race condition when sending a message on - udf: Check path length when reading symlink (Jan Kara) - udf: Treat symlink component of type 2 as / (Jan Kara) - udp: properly support MSG_PEEK with truncated buffers - block: fix use-after-free in seq file (Vegard Nossum) - RHEL: complement upstream workaround for CVE-2016-1014 (Quentin Casasnovas) [Orabug: 25765786] (CVE-2016-10142) - net: ping: check minimum size on ICMP header length - ipv6: stop sending PTB packets for MTU < 1280 (Hagen - sg_write/bsg_write is not fit to be called under - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc - list: introduce list_first_entry_or_null (Jiri Pirko) - firewire: net: guard against rx buffer overflows (Stefan - x86/mm/32: Enable full randomization on i386 and X86_32 - x86 get_unmapped_area: Access mmap_legacy_base through - sg_start_req: make sure that there's not too many - tcp: take care of truncations done by sk_filter (Eric - rose: limit sk_filter trim to payload (Willem de Bruijn) - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer - x86: bpf_jit: fix compilation of large bpf programs - net: fix a kernel infoleak in x25 module (Kangjie Lu) - USB: digi_acceleport: do sanity checking for the number - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet) - dccp: fix freeing skb too early for IPV6_RECVPKTINFO - vfs: read file_handle only once in handle_to_path (Sasha - crypto: algif_hash - Only export and import on sockets - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] - af_unix: Guard against other == sk in unix_dgram_sendmsg - unix: avoid use-after-free in ep_remove_wait_queue necessary patches to address critical security updates : if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: Wang) [Orabug: 23750748] valid (Jakub Sitnicki) [Orabug: 25534688] clearing. (Jamie Iles) [Orabug: 25549845] (Paolo Bonzini) [Orabug: 25719676] (CVE-2017-2583) (CVE-2017-2583) Ricardo Leitner) [Orabug: 25719811] (CVE-2017-5986) Dumazet) [Orabug: 25720815] (CVE-2017-6214) [Orabug: 25796604] (CVE-2016-2782) Bueso) [Orabug: 25797014] (CVE-2017-5669) Lureau) [Orabug: 25797056] (CVE-2015-6252) harder (Andy Whitcroft) [Orabug: 25814664] (CVE-2017-7184) replay_window (Andy Whitcroft) [Orabug: 25814664] (CVE-2017-7184) default by match_preparse (David Howells) [Orabug: Hovold) [Orabug: 25825107] (CVE-2015-5257) unbound socket (Quentin Casasnovas) [Orabug: 25871048] (CVE-2015-6937) (CVE-2015-6937) [Orabug: 25871104] (CVE-2015-9731) [Orabug: 25871104] (CVE-2015-9731) (Eric Dumazet) [Orabug: 25874741] (CVE-2016-10229) [Orabug: 25877531] (CVE-2016-7910) 2. (CVE-2016-10142) (Kees Cook) [Orabug: 25766914] (CVE-2016-8399) Paul Pfeifer) [Orabug: 25765786] (CVE-2016-10142) KERNEL_DS (Al Viro) [Orabug: 25765448] (CVE-2016-10088) chang) [Orabug: 25752011] (CVE-2017-7187) Popov) [Orabug: 25696689] (CVE-2017-2636) [Orabug: 25696689] (CVE-2017-2636) (Fabian Frederick) [Orabug: 25696689] (CVE-2017-2636) [Orabug: 25696689] (CVE-2017-2636) Richter) [Orabug: 25451538] (CVE-2016-8633) (Hector Marco-Gisbert) [Orabug: 25463929] (CVE-2016-3672) mm_struct member (Radu Caragea) [Orabug: 25463929] (CVE-2016-3672) elements in iovec (Al Viro) [Orabug: 25490377] (CVE-2015-5707) Dumazet) [Orabug: 25507232] (CVE-2016-8645) [Orabug: 25507232] (CVE-2016-8645) (Dan Carpenter) [Orabug: 25507330] (CVE-2016-7425) (Alexei Starovoitov) [Orabug: 25507375] (CVE-2015-4700) [Orabug: 25512417] (CVE-2016-4580) of ports (Oliver Neukum) [Orabug: 25512472] (CVE-2016-3140) [Orabug: 25682437] (CVE-2017-6345) (Andrey Konovalov) [Orabug: 25598277] (CVE-2017-6074) Levin) [Orabug: 25388709] (CVE-2015-1420) with data (Herbert Xu) [Orabug: 25417807] [Orabug: 25462763] (CVE-2016-4482) (CVE-2016-4485) (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446) (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)

{"id": "ORACLEVM_OVMSA-2017-0106.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (J.\n Bruce Fields) [Orabug: 25986995] (CVE-2017-7895)\n\n - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug:\n 25510857]\n\n - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748]\n\n - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688]\n\n - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug:\n 25549845]\n\n - ksplice: add sysctls for determining Ksplice features.\n (Jamie Iles) \n\n - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845]\n\n - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] (CVE-2017-2583) (CVE-2017-2583)\n\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] (CVE-2017-5986)\n\n - tcp: avoid infinite loop in tcp_splice_read (Eric Dumazet) [Orabug: 25720815] (CVE-2017-6214)\n\n - USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] (CVE-2016-2782)\n\n - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] (CVE-2017-5669)\n\n - vhost: actually track log eventfd file (Marc-Andr&eacute Lureau) [Orabug: 25797056] (CVE-2015-6252)\n\n - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] (CVE-2017-7184)\n\n - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] (CVE-2017-7184)\n\n - KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug:\n 25823965] (CVE-2017-2647) (CVE-2017-2647)\n\n - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] (CVE-2015-5257)\n\n - RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] (CVE-2015-6937) (CVE-2015-6937)\n\n - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] (CVE-2015-9731)\n\n - udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] (CVE-2015-9731)\n\n - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] (CVE-2016-10229)\n\n - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] (CVE-2016-7910)\n\n - RHEL: complement upstream workaround for CVE-2016-10142.\n (Quentin Casasnovas) [Orabug: 25765786] (CVE-2016-10142) (CVE-2016-10142)\n\n - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] (CVE-2016-8399)\n\n - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] (CVE-2016-10142)\n\n - sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] (CVE-2017-7187)\n\n - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] (CVE-2017-2636)\n\n - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] (CVE-2017-2636)\n\n - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] (CVE-2017-2636)\n\n - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] (CVE-2017-2636)\n\n - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] (CVE-2016-8633)\n\n - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] (CVE-2016-3672)\n\n - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] (CVE-2016-3672)\n\n - sg_start_req: make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] (CVE-2015-5707)\n\n - tcp: take care of truncations done by sk_filter (Eric Dumazet) [Orabug: 25507232] (CVE-2016-8645)\n\n - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] (CVE-2016-8645)\n\n - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer (Dan Carpenter) [Orabug: 25507330] (CVE-2016-7425)\n\n - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] (CVE-2015-4700)\n\n - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] (CVE-2016-4580)\n\n - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] (CVE-2016-3140)\n\n - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet) [Orabug: 25682437] (CVE-2017-6345)\n\n - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] (CVE-2017-6074)\n\n - vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] (CVE-2015-1420)\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807]\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)", "published": "2017-05-17T00:00:00", "modified": "2021-01-04T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/100238", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2782", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7425", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5707", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7446", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2647", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5986", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8633", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4580", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8645", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10142", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8399", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4700", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7895", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5669", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2583", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6214", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6937", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4482", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7187", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4485", "https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000728.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6345", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9731", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10088", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1420", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7910"], "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2015-4700", "CVE-2015-5257", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-9731", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-10229", "CVE-2016-2782", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"], "immutableFields": [], "lastseen": "2023-12-02T15:34:22", "viewCount": 62, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2016-10229"]}, {"type": "altlinux", "idList": ["A988A3C1C588CA4DBEC0DA6241549C67"]}, {"type": "amazon", "idList": ["ALAS-2016-694", "ALAS-2016-703", "ALAS-2016-772", "ALAS-2017-782", "ALAS-2017-786", "ALAS-2017-805", "ALAS-2017-811", "ALAS-2017-814", "ALAS-2017-828", "ALAS-2017-832"]}, {"type": "android", "idList": ["ANDROID:CVE-2013-7446", "ANDROID:CVE-2016-10229", "ANDROID:CVE-2016-7910"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-08-01", "ANDROID:2016-09-01", "ANDROID:2016-11-01", "ANDROID:2016-12-01", "ANDROID:2017-04-01", "ANDROID:2017-05-01", "ANDROID:2017-07-01", "ANDROID:2017-09-01", "ANDROID:2017-10-01"]}, {"type": "archlinux", "idList": ["ASA-201701-32", "ASA-201701-35", "ASA-201701-38", "ASA-201702-17", "ASA-201702-18", "ASA-201703-13", "ASA-201703-6", "ASA-201703-7", "ASA-201703-8"]}, {"type": "avleonov", "idList": ["AVLEONOV:258C4C7C6D4C10965793FFCDA8860939"]}, {"type": "centos", "idList": ["CESA-2015:1778", "CESA-2017:0293", "CESA-2017:0294", "CESA-2017:0323", "CESA-2017:0817", "CESA-2017:0892", "CESA-2017:0933", "CESA-2017:1308", "CESA-2017:1372", "CESA-2017:1615", "CESA-2017:1723", "CESA-2017:1842", "CESA-2017:2930", "CESA-2018:1062"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:17EB437F0AC67627647723802F6641F5", "CFOUNDRY:316D3894E2B3A400E830586A381960FE", "CFOUNDRY:357A3D675E310E16A6C343FB03145CD4", "CFOUNDRY:3F54C95B87B9551DBB314C8164D88E3A", "CFOUNDRY:43A3634884E6DDA3AD9EFD6221BBEE90", "CFOUNDRY:45D171A4CABD3B2EED5D1C76F5C7F3F2", "CFOUNDRY:4A4E5BB1A59DD906E5D792B48A62CB13", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978", "CFOUNDRY:96E3A8B8A251E08132E367B0C5BCD522", "CFOUNDRY:C4D044657909D168617F0C63F623467E", "CFOUNDRY:DBE2857E4A4B43C72E03FDC8B6460BBB", "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "CFOUNDRY:E4E1DF639E31042E2C6F495D3AD4AB50", "CFOUNDRY:EC22D7C9EDB0A72523F94F026F02A4D4", "CFOUNDRY:F5F537A71E1AA4DEDACA06B703EC9D12", "CFOUNDRY:F8D3E57E228B2A2C80205C1B54F3649B"]}, {"type": "cve", "idList": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2015-4700", "CVE-2015-5257", "CVE-2015-5275", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-7990", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-10229", "CVE-2016-2782", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6353", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"]}, {"type": "debian", "idList": ["DEBIAN:DLA-310-1:EAC5D", "DEBIAN:DLA-325-1:91395", "DEBIAN:DLA-360-1:6C323", "DEBIAN:DLA-516-1:B66B7", "DEBIAN:DLA-670-1:F2D9C", "DEBIAN:DLA-772-1:EB721", "DEBIAN:DLA-833-1:91DAA", "DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-922-1:854C7", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3170-1:F6570", "DEBIAN:DSA-3329-1:6C2DD", "DEBIAN:DSA-3329-1:93E26", "DEBIAN:DSA-3364-1:5D544", "DEBIAN:DSA-3364-1:B19FA", "DEBIAN:DSA-3372-1:9C218", "DEBIAN:DSA-3372-1:CF728", "DEBIAN:DSA-3396-1:605FF", "DEBIAN:DSA-3396-1:D48F1", "DEBIAN:DSA-3426-1:7C23A", "DEBIAN:DSA-3426-1:AC984", "DEBIAN:DSA-3607-1:0BD6E", "DEBIAN:DSA-3607-1:29E1C", "DEBIAN:DSA-3696-1:25A5B", "DEBIAN:DSA-3696-1:EEC99", "DEBIAN:DSA-3791-1:0D4D5", "DEBIAN:DSA-3791-1:AE0FD", "DEBIAN:DSA-3804-1:0976E", "DEBIAN:DSA-3804-1:E7F94", "DEBIAN:DSA-3886-1:89166", "DEBIAN:DSA-3886-1:F6458"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7446", "DEBIANCVE:CVE-2015-1420", "DEBIANCVE:CVE-2015-4700", "DEBIANCVE:CVE-2015-5257", "DEBIANCVE:CVE-2015-5707", "DEBIANCVE:CVE-2015-6252", "DEBIANCVE:CVE-2015-6937", "DEBIANCVE:CVE-2015-7990", "DEBIANCVE:CVE-2016-10088", "DEBIANCVE:CVE-2016-10229", "DEBIANCVE:CVE-2016-2782", "DEBIANCVE:CVE-2016-3140", "DEBIANCVE:CVE-2016-3672", "DEBIANCVE:CVE-2016-4482", "DEBIANCVE:CVE-2016-4485", "DEBIANCVE:CVE-2016-4580", "DEBIANCVE:CVE-2016-7425", "DEBIANCVE:CVE-2016-7910", "DEBIANCVE:CVE-2016-8399", "DEBIANCVE:CVE-2016-8633", "DEBIANCVE:CVE-2016-8645", "DEBIANCVE:CVE-2017-2583", "DEBIANCVE:CVE-2017-2636", "DEBIANCVE:CVE-2017-2647", "DEBIANCVE:CVE-2017-5669", "DEBIANCVE:CVE-2017-5986", "DEBIANCVE:CVE-2017-6074", "DEBIANCVE:CVE-2017-6214", "DEBIANCVE:CVE-2017-6345", "DEBIANCVE:CVE-2017-6353", "DEBIANCVE:CVE-2017-7184", "DEBIANCVE:CVE-2017-7187", "DEBIANCVE:CVE-2017-7895"]}, {"type": "exploitdb", "idList": ["EDB-ID:39539", "EDB-ID:39669", "EDB-ID:41457", "EDB-ID:41458", "EDB-ID:47067", "EDB-ID:47625"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:4EEB4BE9E101A3B6E5FA4A3FC9B06CCD", "EXPLOITPACK:6AD5ACC620F0F4EF82BC0FA4AB29F652", "EXPLOITPACK:84D4B1F42D5DCA9623080EFFD17E58E1", "EXPLOITPACK:A80EC992E1B2F9D76F9013820F33CF10", "EXPLOITPACK:AA6ABBE8E5BE3C243DF38A29FC076191", "EXPLOITPACK:CDE6BEFB491AF8EAA191AB4CAF1FFA98"]}, {"type": "f5", "idList": ["F5:K05211147", "F5:K15004519", "F5:K17130", "F5:K17445", "F5:K17457", "F5:K17475", "F5:K18015201", "F5:K20022580", "F5:K23030550", "F5:K31209433", "F5:K32115847", "F5:K51025656", "F5:K54610514", "F5:K57211290", "F5:K81172534", "F5:K81211720", "F5:K82508682", "F5:K98102572", "SOL17130", "SOL17445", "SOL17457", "SOL17475", "SOL20022580"]}, {"type": "fedora", "idList": ["FEDORA:042FF6294018", "FEDORA:0A72361F0A0B", "FEDORA:16FBC6173444", "FEDORA:1F466601E823", "FEDORA:2CC39660F53B", "FEDORA:2EB1060491B1", "FEDORA:36864607A1B4", "FEDORA:3AFA661CD89C", "FEDORA:3BDA3607A1A6", "FEDORA:4276F60157E5", "FEDORA:4375D611D164", "FEDORA:45042604D166", "FEDORA:4B62F60A865A", "FEDORA:4E39C608F49D", "FEDORA:51510605E219", "FEDORA:51EB2601616F", "FEDORA:547D9626ACA1", "FEDORA:553DD615C92C", "FEDORA:5931760652B6", "FEDORA:5E6FC604AF75", "FEDORA:60B8C60918D5", "FEDORA:6437E61257FA", "FEDORA:65FAD61713B3", "FEDORA:685B66087C53", "FEDORA:711F0612DED6", "FEDORA:85BCF6087CBF", "FEDORA:85F7B60BBD0B", "FEDORA:8C2D26090BD4", "FEDORA:8CDBE6067306", "FEDORA:92CE26061A9A", "FEDORA:92F7160874F1", "FEDORA:9D2976087C32", "FEDORA:A5F35607D661", "FEDORA:A9A0D60DF38A", "FEDORA:AA4AD60600CD", "FEDORA:B872461491E6", "FEDORA:B91586087C43", "FEDORA:BAFAB6087824", "FEDORA:C7C84604E909", "FEDORA:CE3236087E07", "FEDORA:D89B960F8CA9", "FEDORA:DC12C6205E95", "FEDORA:DDD4D6087E4D", "FEDORA:E2628616BCA2", "FEDORA:E567861DEC1E", "FEDORA:E736B60877BC", "FEDORA:EFDE7605A2A8"]}, {"type": "fortinet", "idList": ["FG-IR-17-118"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:9B79D262B5DA61A7E11F5134B546BA63"]}, {"type": "hackerone", "idList": ["H1:347282"]}, {"type": "ibm", "idList": ["091C926DD3372A48BCEFCA3A598C2A54BAEA4FF0AC1ADA170D539846CF9E0B12", "0C9BE2F3A245999460BB6BC497E21EC27992E79FB4C1D769E6D1CF729AB33300", "0D95BD029EF7D61B7C200E5DCF5114404F54883607A0E5A132C410EA37160E69", "0E0A5A7B6700741752FA21EFE9AB43CC6637781C0541DB39566FEB4927470584", "1D8744BF536D5B133A0AEB6D2969DFF11DFBADCEF06C768998622BB424AF6C06", "2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF", "2EB88EA4D78F737250FE1F53A5FBA5002C9D5DB0B0AC64AEA952FE8504CD5896", "3225590ACA91E6DF0E178DA31C2E57BF8B7009899CBDD520B86DCF5F0582D254", "46B5E3387C4BE0F3CD3546AED67DCDCEBF831B4B2606AC65CBDF2DD046B8E2F7", "568AFE5262E7EC0E8EE6E14FF1C1D694651A8AE220CF4FA741D1505E390F16A1", "61EAA34D5E4645B71F124164E8135272DB3119CF3ABDC2864377B692FCF87527", "62DB70FCF6301104005FF9FB20C71886DC177ADAE354920858B0940C223989CD", "72A14F3E1A05E87987247C3A94DA37A971910E734C842EA2FD4E32CE8B24FCF5", "75F4CE8201FAA026B444CA3308E12CA9B1FBD302D6BDA963D3635F7318CA3ADB", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "8A124739D0569E6C53A7C49B272231FD95577DB912C506F171888BA4DA4E27BE", "96B683CDF0F8F80CEAD97593A6461520A4EA4F7D0C5E1136D74257ADE7C15BD8", "A0B3473150234C639FE6AF0F0A832767753836E0C7B4AA5A710ED063FB7AD779", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "A18DD1594298170A7AF630CBFFA73E78138125D119FBC5D156128BBBD99A03EC", "A64F2FB994EA0E985794B8CD4593E029DBB3381EE638D433F6521D469A29697F", "AF6E3EC9D5A5C3CF688EF87142347E0688A4AE1CB6831F92326966B86BF2D9C1", "B13E9CABE04A3A8E052E5DD7075F194AB2BDBB1AA759BCA55EBEBB657F688C5F", "B6840CECFB480133167DC8D6DBBFA04BC02F46001609AF3201683057583646BD", "BA83768ADDF562AFA7479F0283B8A37655247BF1EA1F546B1BB4B6D82474807F", "CD9B5BF488F3327F1A5D08B8A25E9EF90D7304376F44A16FB3F05E06566E80FF", "DE695F71E3366E59E6428276E5EABA598BB2B1F9CA1025C553DC82926661E92A", "DEFAAAA0DD92B12D203CFB2895EE6C4FD25C65850C377CF08FD9369E08A36AA2", "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484", "F3D623A09E7D0F54DD4072DEEB91BB4360FCB6F12BC404A385E6347E729DB982"]}, {"type": "ics", "idList": ["ICSA-21-280-02"]}, {"type": "kaspersky", "idList": ["KLA10480"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "lenovo", "idList": ["LENOVO:PS500107-LENOVO-STORSELECT-DX8200C-HYPERSTORE-USE-AFTER-FREE-IN-THE-IPV6-IMPLEMENTATION-OF-THE-DCCP-PROTOCOL-IN-THE-LINUX-KERNEL-NOSID", "LENOVO:PS500107-NOSID", "LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2015-0386", "MGASA-2015-0390", "MGASA-2015-0435", "MGASA-2015-0439", "MGASA-2016-0005", "MGASA-2016-0014", "MGASA-2016-0015", "MGASA-2016-0225", "MGASA-2016-0232", "MGASA-2016-0233", "MGASA-2016-0401", "MGASA-2016-0411", "MGASA-2016-0412", "MGASA-2016-0415", "MGASA-2016-0429", "MGASA-2017-0003", "MGASA-2017-0004", "MGASA-2017-0063", "MGASA-2017-0064", "MGASA-2017-0065", "MGASA-2017-0088", "MGASA-2017-0089", "MGASA-2017-0090", "MGASA-2017-0097", "MGASA-2017-0098", "MGASA-2017-0099", "MGASA-2017-0147", "MGASA-2017-0148", "MGASA-2017-0149"]}, {"type": "myhack58", "idList": ["MYHACK58:62201783679", "MYHACK58:62201783692", "MYHACK58:62201785273", "MYHACK58:62201785788", "MYHACK58:62201787550"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-694.NASL", "ALA_ALAS-2016-703.NASL", "ALA_ALAS-2016-772.NASL", "ALA_ALAS-2017-782.NASL", "ALA_ALAS-2017-786.NASL", "ALA_ALAS-2017-805.NASL", "ALA_ALAS-2017-811.NASL", "ALA_ALAS-2017-814.NASL", "ALA_ALAS-2017-828.NASL", "ALA_ALAS-2017-832.NASL", "CENTOS_RHSA-2015-1778.NASL", "CENTOS_RHSA-2017-0293.NASL", "CENTOS_RHSA-2017-0294.NASL", "CENTOS_RHSA-2017-0323.NASL", "CENTOS_RHSA-2017-0817.NASL", "CENTOS_RHSA-2017-0892.NASL", "CENTOS_RHSA-2017-0933.NASL", "CENTOS_RHSA-2017-1308.NASL", "CENTOS_RHSA-2017-1372.NASL", "CENTOS_RHSA-2017-1615.NASL", "CENTOS_RHSA-2017-1723.NASL", "CENTOS_RHSA-2017-1842.NASL", "CENTOS_RHSA-2017-2930.NASL", "CENTOS_RHSA-2018-1062.NASL", "DEBIAN_DLA-310.NASL", "DEBIAN_DLA-325.NASL", "DEBIAN_DLA-360.NASL", "DEBIAN_DLA-516.NASL", "DEBIAN_DLA-670.NASL", "DEBIAN_DLA-772.NASL", "DEBIAN_DLA-833.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DLA-922.NASL", "DEBIAN_DLA-993.NASL", "DEBIAN_DSA-3170.NASL", "DEBIAN_DSA-3329.NASL", "DEBIAN_DSA-3364.NASL", "DEBIAN_DSA-3372.NASL", "DEBIAN_DSA-3396.NASL", "DEBIAN_DSA-3426-1.NASL", "DEBIAN_DSA-3607.NASL", "DEBIAN_DSA-3696.NASL", "DEBIAN_DSA-3791.NASL", "DEBIAN_DSA-3804.NASL", "DEBIAN_DSA-3886.NASL", "EULEROS_SA-2016-1089.NASL", "EULEROS_SA-2017-1001.NASL", "EULEROS_SA-2017-1056.NASL", "EULEROS_SA-2017-1057.NASL", "EULEROS_SA-2017-1066.NASL", "EULEROS_SA-2017-1122.NASL", "EULEROS_SA-2017-1123.NASL", "EULEROS_SA-2019-1450.NASL", "EULEROS_SA-2019-1471.NASL", "EULEROS_SA-2019-1474.NASL", "EULEROS_SA-2019-1477.NASL", "EULEROS_SA-2019-1478.NASL", "EULEROS_SA-2019-1482.NASL", "EULEROS_SA-2019-1484.NASL", "EULEROS_SA-2019-1485.NASL", "EULEROS_SA-2019-1486.NASL", "EULEROS_SA-2019-1487.NASL", "EULEROS_SA-2019-1488.NASL", "EULEROS_SA-2019-1490.NASL", "EULEROS_SA-2019-1491.NASL", "EULEROS_SA-2019-1492.NASL", "EULEROS_SA-2019-1494.NASL", "EULEROS_SA-2019-1496.NASL", "EULEROS_SA-2019-1502.NASL", "EULEROS_SA-2019-1503.NASL", "EULEROS_SA-2019-1504.NASL", "EULEROS_SA-2019-1506.NASL", "EULEROS_SA-2019-1508.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1517.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1520.NASL", "EULEROS_SA-2019-1521.NASL", "EULEROS_SA-2019-1524.NASL", "EULEROS_SA-2019-1527.NASL", "EULEROS_SA-2019-1531.NASL", "EULEROS_SA-2019-1533.NASL", "EULEROS_SA-2019-1534.NASL", "EULEROS_SA-2019-1535.NASL", "EULEROS_SA-2019-1536.NASL", "EULEROS_SA-2019-1539.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2599.NASL", "F5_BIGIP_SOL18015201.NASL", "F5_BIGIP_SOL20022580.NASL", "F5_BIGIP_SOL23030550.NASL", "F5_BIGIP_SOL54610514.NASL", "F5_BIGIP_SOL57211290.NASL", "F5_BIGIP_SOL81211720.NASL", "F5_BIGIP_SOL82508682.NASL", "F5_BIGIP_SOL98102572.NASL", "FEDORA_2015-16417.NASL", "FEDORA_2015-16440.NASL", "FEDORA_2015-16441.NASL", "FEDORA_2015-3C8C8BA072.NASL", "FEDORA_2015-9704.NASL", "FEDORA_2015-9712.NASL", "FEDORA_2015-C1C2F5E168.NASL", "FEDORA_2015-C59710B05D.NASL", "FEDORA_2015-D7E074BA30.NASL", "FEDORA_2015-DCC260F2F2.NASL", "FEDORA_2016-02DB2F32FD.NASL", "FEDORA_2016-06F1572324.NASL", "FEDORA_2016-29CDE72F15.NASL", "FEDORA_2016-3548475BCA.NASL", "FEDORA_2016-373C063E79.NASL", "FEDORA_2016-4CE97823AF.NASL", "FEDORA_2016-76706F51A7.NASL", "FEDORA_2016-7D900003E6.NASL", "FEDORA_2016-7E602C0E5E.NASL", "FEDORA_2016-81FD1B03AA.NASL", "FEDORA_2016-8E858F96B8.NASL", "FEDORA_2016-A159C484E4.NASL", "FEDORA_2016-E5B72816D0.NASL", "FEDORA_2016-ED5110C4BB.NASL", "FEDORA_2016-EE3A114958.NASL", "FEDORA_2016-EF973EFAB7.NASL", "FEDORA_2016-F3D1F79398.NASL", "FEDORA_2017-02174DF32F.NASL", "FEDORA_2017-18CE368BA3.NASL", "FEDORA_2017-2E1F3694B2.NASL", "FEDORA_2017-387FF46A66.NASL", "FEDORA_2017-3A9EC92DD6.NASL", "FEDORA_2017-4B9F61C68D.NASL", "FEDORA_2017-502CF68D68.NASL", "FEDORA_2017-92D84F68CF.NASL", "FEDORA_2017-93DEC9EBA5.NASL", "FEDORA_2017-AD045F80AC.NASL", "FEDORA_2017-B9B1AC0D15.NASL", "FEDORA_2017-E6012E74B6.NASL", "FEDORA_2017-F519EBB3C4.NASL", "FEDORA_2017-FB89CA752A.NASL", "JUNIPER_JSA10780.NASL", "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0044_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0049_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0099_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0113_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0152_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0001_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "OPENSUSE-2015-543.NASL", "OPENSUSE-2015-686.NASL", "OPENSUSE-2015-879.NASL", "OPENSUSE-2016-1015.NASL", "OPENSUSE-2016-1029.NASL", "OPENSUSE-2016-1076.NASL", "OPENSUSE-2016-1212.NASL", "OPENSUSE-2016-1227.NASL", "OPENSUSE-2016-124.NASL", "OPENSUSE-2016-136.NASL", "OPENSUSE-2016-1410.NASL", "OPENSUSE-2016-1428.NASL", "OPENSUSE-2016-1431.NASL", "OPENSUSE-2016-518.NASL", "OPENSUSE-2016-629.NASL", "OPENSUSE-2016-753.NASL", "OPENSUSE-2016-862.NASL", "OPENSUSE-2017-245.NASL", "OPENSUSE-2017-246.NASL", "OPENSUSE-2017-286.NASL", "OPENSUSE-2017-287.NASL", "OPENSUSE-2017-418.NASL", "OPENSUSE-2017-419.NASL", "OPENSUSE-2017-532.NASL", "OPENSUSE-2017-562.NASL", "ORACLELINUX_ELSA-2015-1778.NASL", "ORACLELINUX_ELSA-2015-3098.NASL", "ORACLELINUX_ELSA-2017-0293.NASL", "ORACLELINUX_ELSA-2017-0294.NASL", "ORACLELINUX_ELSA-2017-02941.NASL", "ORACLELINUX_ELSA-2017-0323.NASL", "ORACLELINUX_ELSA-2017-03231.NASL", "ORACLELINUX_ELSA-2017-0817.NASL", "ORACLELINUX_ELSA-2017-0892.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-09331.NASL", "ORACLELINUX_ELSA-2017-1308-1.NASL", "ORACLELINUX_ELSA-2017-1308.NASL", "ORACLELINUX_ELSA-2017-13081.NASL", "ORACLELINUX_ELSA-2017-1372.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-16151.NASL", "ORACLELINUX_ELSA-2017-1723.NASL", "ORACLELINUX_ELSA-2017-1842-1.NASL", "ORACLELINUX_ELSA-2017-1842.NASL", "ORACLELINUX_ELSA-2017-18421.NASL", "ORACLELINUX_ELSA-2017-2412.NASL", "ORACLELINUX_ELSA-2017-2930-1.NASL", "ORACLELINUX_ELSA-2017-2930.NASL", "ORACLELINUX_ELSA-2017-29301.NASL", "ORACLELINUX_ELSA-2017-3514.NASL", "ORACLELINUX_ELSA-2017-3515.NASL", "ORACLELINUX_ELSA-2017-3516.NASL", "ORACLELINUX_ELSA-2017-3520.NASL", "ORACLELINUX_ELSA-2017-3521.NASL", "ORACLELINUX_ELSA-2017-3522.NASL", "ORACLELINUX_ELSA-2017-3533.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3535.NASL", "ORACLELINUX_ELSA-2017-3537.NASL", "ORACLELINUX_ELSA-2017-3538.NASL", "ORACLELINUX_ELSA-2017-3539.NASL", "ORACLELINUX_ELSA-2017-3565.NASL", "ORACLELINUX_ELSA-2017-3566.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLELINUX_ELSA-2017-3576.NASL", "ORACLELINUX_ELSA-2017-3595.NASL", "ORACLELINUX_ELSA-2017-3609.NASL", "ORACLELINUX_ELSA-2018-1062.NASL", "ORACLELINUX_ELSA-2020-3548.NASL", "ORACLELINUX_ELSA-2021-9486.NASL", "ORACLELINUX_ELSA-2021-9487.NASL", "ORACLEVM_OVMSA-2015-0147.NASL", "ORACLEVM_OVMSA-2017-0039.NASL", "ORACLEVM_OVMSA-2017-0040.NASL", "ORACLEVM_OVMSA-2017-0041.NASL", "ORACLEVM_OVMSA-2017-0044.NASL", "ORACLEVM_OVMSA-2017-0045.NASL", "ORACLEVM_OVMSA-2017-0046.NASL", "ORACLEVM_OVMSA-2017-0056.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0058.NASL", "ORACLEVM_OVMSA-2017-0060.NASL", "ORACLEVM_OVMSA-2017-0061.NASL", "ORACLEVM_OVMSA-2017-0062.NASL", "ORACLEVM_OVMSA-2017-0104.NASL", "ORACLEVM_OVMSA-2017-0105.NASL", "ORACLEVM_OVMSA-2017-0121.NASL", "ORACLEVM_OVMSA-2017-0126.NASL", "ORACLEVM_OVMSA-2017-0145.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "PALO_ALTO_PAN-OS_8_0_3.NASL", "PHOTONOS_PHSA-2017-0001.NASL", "PHOTONOS_PHSA-2017-0001_LINUX.NASL", "PHOTONOS_PHSA-2017-0006.NASL", "PHOTONOS_PHSA-2017-0006_LINUX.NASL", "PHOTONOS_PHSA-2017-0011.NASL", "PHOTONOS_PHSA-2017-0011_LINUX.NASL", "PULSE_CONNECT_SECURE-SA-43730.NASL", "PULSE_POLICY_SECURE-SA-43730.NASL", "RANCHEROS_0_8_1.NASL", "RANCHEROS_1_1_1.NASL", "REDHAT-RHSA-2015-1778.NASL", "REDHAT-RHSA-2015-1788.NASL", "REDHAT-RHSA-2017-0293.NASL", "REDHAT-RHSA-2017-0294.NASL", "REDHAT-RHSA-2017-0295.NASL", "REDHAT-RHSA-2017-0316.NASL", "REDHAT-RHSA-2017-0323.NASL", "REDHAT-RHSA-2017-0324.NASL", "REDHAT-RHSA-2017-0345.NASL", "REDHAT-RHSA-2017-0346.NASL", "REDHAT-RHSA-2017-0347.NASL", "REDHAT-RHSA-2017-0365.NASL", "REDHAT-RHSA-2017-0366.NASL", "REDHAT-RHSA-2017-0403.NASL", "REDHAT-RHSA-2017-0501.NASL", "REDHAT-RHSA-2017-0817.NASL", "REDHAT-RHSA-2017-0869.NASL", "REDHAT-RHSA-2017-0892.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-0986.NASL", "REDHAT-RHSA-2017-1125.NASL", "REDHAT-RHSA-2017-1126.NASL", "REDHAT-RHSA-2017-1209.NASL", "REDHAT-RHSA-2017-1232.NASL", "REDHAT-RHSA-2017-1233.NASL", "REDHAT-RHSA-2017-1297.NASL", "REDHAT-RHSA-2017-1298.NASL", "REDHAT-RHSA-2017-1308.NASL", "REDHAT-RHSA-2017-1372.NASL", "REDHAT-RHSA-2017-1488.NASL", "REDHAT-RHSA-2017-1615.NASL", "REDHAT-RHSA-2017-1616.NASL", "REDHAT-RHSA-2017-1647.NASL", "REDHAT-RHSA-2017-1715.NASL", "REDHAT-RHSA-2017-1723.NASL", "REDHAT-RHSA-2017-1766.NASL", "REDHAT-RHSA-2017-1798.NASL", "REDHAT-RHSA-2017-1842.NASL", "REDHAT-RHSA-2017-2077.NASL", "REDHAT-RHSA-2017-2412.NASL", "REDHAT-RHSA-2017-2428.NASL", "REDHAT-RHSA-2017-2429.NASL", "REDHAT-RHSA-2017-2437.NASL", "REDHAT-RHSA-2017-2444.NASL", "REDHAT-RHSA-2017-2669.NASL", "REDHAT-RHSA-2017-2732.NASL", "REDHAT-RHSA-2017-2918.NASL", "REDHAT-RHSA-2017-2930.NASL", "REDHAT-RHSA-2017-2931.NASL", "REDHAT-RHSA-2018-0676.NASL", "REDHAT-RHSA-2018-1062.NASL", "REDHAT-RHSA-2019-1170.NASL", "REDHAT-RHSA-2019-1190.NASL", "REDHAT-RHSA-2019-4159.NASL", "REDHAT-RHSA-2020-3548.NASL", "REDHAT-RHSA-2020-3836.NASL", "SL_20150915_KERNEL_ON_SL7_X.NASL", "SL_20170222_KERNEL_ON_SL6_X.NASL", "SL_20170222_KERNEL_ON_SL7_X.NASL", "SL_20170224_KERNEL_ON_SL5_X.NASL", "SL_20170321_KERNEL_ON_SL6_X.NASL", "SL_20170411_KERNEL_ON_SL6_X.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170525_KERNEL_ON_SL7_X.NASL", "SL_20170531_KERNEL_ON_SL6_X.NASL", "SL_20170628_KERNEL_ON_SL7_X.NASL", "SL_20170711_KERNEL_ON_SL6_X.NASL", "SL_20170801_KERNEL_ON_SL7_X.NASL", "SL_20171019_KERNEL_ON_SL7_X.NASL", "SL_20180410_KERNEL_ON_SL7_X.NASL", "SL_20200826_KERNEL_ON_SL6_X.NASL", "SOLARIS_OCT2018_SRU11_4_1_4_0.NASL", "SUSE_SU-2015-1478-1.NASL", "SUSE_SU-2015-1611-1.NASL", "SUSE_SU-2015-1678-1.NASL", "SUSE_SU-2015-1727-1.NASL", "SUSE_SU-2015-2108-1.NASL", "SUSE_SU-2015-2339-1.NASL", "SUSE_SU-2016-0585-1.NASL", "SUSE_SU-2016-0785-1.NASL", "SUSE_SU-2016-0911-1.NASL", "SUSE_SU-2016-1019-1.NASL", "SUSE_SU-2016-1203-1.NASL", "SUSE_SU-2016-1672-1.NASL", "SUSE_SU-2016-1690-1.NASL", "SUSE_SU-2016-1696-1.NASL", "SUSE_SU-2016-1995-1.NASL", "SUSE_SU-2016-2001-1.NASL", "SUSE_SU-2016-2002-1.NASL", "SUSE_SU-2016-2005-1.NASL", "SUSE_SU-2016-2006-1.NASL", "SUSE_SU-2016-2010-1.NASL", "SUSE_SU-2016-2014-1.NASL", "SUSE_SU-2016-2074-1.NASL", "SUSE_SU-2016-2105-1.NASL", "SUSE_SU-2016-2245-1.NASL", "SUSE_SU-2016-2912-1.NASL", "SUSE_SU-2016-2976-1.NASL", "SUSE_SU-2017-0181-1.NASL", "SUSE_SU-2017-0333-1.NASL", "SUSE_SU-2017-0437-1.NASL", "SUSE_SU-2017-0464-1.NASL", "SUSE_SU-2017-0471-1.NASL", "SUSE_SU-2017-0494-1.NASL", "SUSE_SU-2017-0575-1.NASL", "SUSE_SU-2017-0864-1.NASL", "SUSE_SU-2017-0865-1.NASL", "SUSE_SU-2017-0866-1.NASL", "SUSE_SU-2017-0873-1.NASL", "SUSE_SU-2017-0875-1.NASL", "SUSE_SU-2017-0876-1.NASL", "SUSE_SU-2017-0880-1.NASL", "SUSE_SU-2017-0881-1.NASL", "SUSE_SU-2017-0888-1.NASL", "SUSE_SU-2017-0889-1.NASL", "SUSE_SU-2017-0912-1.NASL", "SUSE_SU-2017-0913-1.NASL", "SUSE_SU-2017-1183-1.NASL", "SUSE_SU-2017-1247-1.NASL", "SUSE_SU-2017-1301-1.NASL", "SUSE_SU-2017-1360-1.NASL", "SUSE_SU-2017-2049-1.NASL", "SUSE_SU-2017-2060-1.NASL", "SUSE_SU-2017-2061-1.NASL", "SUSE_SU-2017-2072-1.NASL", "SUSE_SU-2017-2073-1.NASL", "SUSE_SU-2017-2088-1.NASL", "SUSE_SU-2017-2092-1.NASL", "SUSE_SU-2017-2093-1.NASL", "SUSE_SU-2017-2095-1.NASL", "SUSE_SU-2017-2096-1.NASL", "SUSE_SU-2017-2099-1.NASL", "SUSE_SU-2017-2389-1.NASL", "SUSE_SU-2017-2525-1.NASL", "SUSE_SU-2017-2920-1.NASL", "UBUNTU_USN-2660-1.NASL", "UBUNTU_USN-2662-1.NASL", "UBUNTU_USN-2663-1.NASL", "UBUNTU_USN-2664-1.NASL", "UBUNTU_USN-2665-1.NASL", "UBUNTU_USN-2666-1.NASL", "UBUNTU_USN-2667-1.NASL", "UBUNTU_USN-2678-1.NASL", "UBUNTU_USN-2680-1.NASL", "UBUNTU_USN-2681-1.NASL", "UBUNTU_USN-2683-1.NASL", "UBUNTU_USN-2684-1.NASL", "UBUNTU_USN-2733-1.NASL", "UBUNTU_USN-2734-1.NASL", "UBUNTU_USN-2737-1.NASL", "UBUNTU_USN-2738-1.NASL", "UBUNTU_USN-2748-1.NASL", "UBUNTU_USN-2749-1.NASL", "UBUNTU_USN-2750-1.NASL", "UBUNTU_USN-2751-1.NASL", "UBUNTU_USN-2752-1.NASL", "UBUNTU_USN-2759-1.NASL", "UBUNTU_USN-2773-1.NASL", "UBUNTU_USN-2775-1.NASL", "UBUNTU_USN-2776-1.NASL", "UBUNTU_USN-2777-1.NASL", "UBUNTU_USN-2778-1.NASL", "UBUNTU_USN-2779-1.NASL", "UBUNTU_USN-2792-1.NASL", "UBUNTU_USN-2794-1.NASL", "UBUNTU_USN-2795-1.NASL", "UBUNTU_USN-2797-1.NASL", "UBUNTU_USN-2798-1.NASL", "UBUNTU_USN-2799-1.NASL", "UBUNTU_USN-2886-1.NASL", "UBUNTU_USN-2887-1.NASL", "UBUNTU_USN-2887-2.NASL", "UBUNTU_USN-2888-1.NASL", "UBUNTU_USN-2889-1.NASL", "UBUNTU_USN-2889-2.NASL", "UBUNTU_USN-2890-1.NASL", "UBUNTU_USN-2890-2.NASL", "UBUNTU_USN-2890-3.NASL", "UBUNTU_USN-2929-1.NASL", "UBUNTU_USN-2929-2.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL", "UBUNTU_USN-2932-1.NASL", "UBUNTU_USN-2948-1.NASL", "UBUNTU_USN-2948-2.NASL", "UBUNTU_USN-2965-1.NASL", "UBUNTU_USN-2965-2.NASL", "UBUNTU_USN-2965-3.NASL", "UBUNTU_USN-2965-4.NASL", "UBUNTU_USN-2967-1.NASL", "UBUNTU_USN-2968-1.NASL", "UBUNTU_USN-2968-2.NASL", "UBUNTU_USN-2970-1.NASL", "UBUNTU_USN-2971-1.NASL", "UBUNTU_USN-2971-2.NASL", "UBUNTU_USN-2971-3.NASL", "UBUNTU_USN-2989-1.NASL", "UBUNTU_USN-2996-1.NASL", "UBUNTU_USN-2998-1.NASL", "UBUNTU_USN-3000-1.NASL", "UBUNTU_USN-3001-1.NASL", "UBUNTU_USN-3002-1.NASL", "UBUNTU_USN-3003-1.NASL", "UBUNTU_USN-3004-1.NASL", "UBUNTU_USN-3005-1.NASL", "UBUNTU_USN-3006-1.NASL", "UBUNTU_USN-3007-1.NASL", "UBUNTU_USN-3016-1.NASL", "UBUNTU_USN-3016-2.NASL", "UBUNTU_USN-3016-3.NASL", "UBUNTU_USN-3016-4.NASL", "UBUNTU_USN-3017-1.NASL", "UBUNTU_USN-3017-2.NASL", "UBUNTU_USN-3017-3.NASL", "UBUNTU_USN-3018-1.NASL", "UBUNTU_USN-3018-2.NASL", "UBUNTU_USN-3019-1.NASL", "UBUNTU_USN-3020-1.NASL", "UBUNTU_USN-3021-1.NASL", "UBUNTU_USN-3144-1.NASL", "UBUNTU_USN-3145-1.NASL", "UBUNTU_USN-3145-2.NASL", "UBUNTU_USN-3146-1.NASL", "UBUNTU_USN-3146-2.NASL", "UBUNTU_USN-3147-1.NASL", "UBUNTU_USN-3161-1.NASL", "UBUNTU_USN-3161-2.NASL", "UBUNTU_USN-3161-3.NASL", "UBUNTU_USN-3161-4.NASL", "UBUNTU_USN-3162-1.NASL", "UBUNTU_USN-3162-2.NASL", "UBUNTU_USN-3189-1.NASL", "UBUNTU_USN-3189-2.NASL", "UBUNTU_USN-3190-1.NASL", "UBUNTU_USN-3190-2.NASL", "UBUNTU_USN-3206-1.NASL", "UBUNTU_USN-3207-1.NASL", "UBUNTU_USN-3207-2.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3209-1.NASL", "UBUNTU_USN-3218-1.NASL", "UBUNTU_USN-3219-1.NASL", "UBUNTU_USN-3219-2.NASL", "UBUNTU_USN-3220-1.NASL", "UBUNTU_USN-3220-2.NASL", "UBUNTU_USN-3220-3.NASL", "UBUNTU_USN-3221-1.NASL", "UBUNTU_USN-3221-2.NASL", "UBUNTU_USN-3248-1.NASL", "UBUNTU_USN-3249-1.NASL", "UBUNTU_USN-3249-2.NASL", "UBUNTU_USN-3250-1.NASL", "UBUNTU_USN-3250-2.NASL", "UBUNTU_USN-3251-1.NASL", "UBUNTU_USN-3251-2.NASL", "UBUNTU_USN-3264-1.NASL", "UBUNTU_USN-3264-2.NASL", "UBUNTU_USN-3265-1.NASL", "UBUNTU_USN-3265-2.NASL", "UBUNTU_USN-3266-1.NASL", "UBUNTU_USN-3266-2.NASL", "UBUNTU_USN-3290-1.NASL", "UBUNTU_USN-3291-1.NASL", "UBUNTU_USN-3291-2.NASL", "UBUNTU_USN-3291-3.NASL", "UBUNTU_USN-3293-1.NASL", "UBUNTU_USN-3312-1.NASL", "UBUNTU_USN-3312-2.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3359-1.NASL", "UBUNTU_USN-3360-1.NASL", "UBUNTU_USN-3361-1.NASL", "UBUNTU_USN-3422-1.NASL", "UBUNTU_USN-3445-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-3754-1.NASL", "UBUNTU_USN-3849-1.NASL", "VIRTUOZZO_VZA-2016-104.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "VIRTUOZZO_VZA-2017-007.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-017.NASL", "VIRTUOZZO_VZA-2017-019.NASL", "VIRTUOZZO_VZA-2017-021.NASL", "VIRTUOZZO_VZA-2017-025.NASL", "VIRTUOZZO_VZA-2017-026.NASL", "VIRTUOZZO_VZA-2017-028.NASL", "VIRTUOZZO_VZA-2017-029.NASL", "VIRTUOZZO_VZA-2017-037.NASL", "VIRTUOZZO_VZA-2017-038.NASL", "VIRTUOZZO_VZA-2017-042.NASL", "VIRTUOZZO_VZA-2017-097.NASL", "VIRTUOZZO_VZA-2017-098.NASL", "VIRTUOZZO_VZLSA-2017-0293.NASL", "VIRTUOZZO_VZLSA-2017-0294.NASL", "VIRTUOZZO_VZLSA-2017-0323.NASL", "VIRTUOZZO_VZLSA-2017-0892.NASL", "VIRTUOZZO_VZLSA-2017-0933.NASL", "VIRTUOZZO_VZLSA-2017-1308.NASL", "VIRTUOZZO_VZLSA-2017-1372.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106751", "OPENVAS:1361412562310106882", "OPENVAS:1361412562310120683", "OPENVAS:1361412562310120692", "OPENVAS:1361412562310122732", "OPENVAS:1361412562310123005", "OPENVAS:1361412562310130003", "OPENVAS:1361412562310130007", "OPENVAS:1361412562310131108", "OPENVAS:1361412562310131129", "OPENVAS:1361412562310131174", "OPENVAS:1361412562310131175", "OPENVAS:1361412562310131182", "OPENVAS:1361412562310703170", "OPENVAS:1361412562310703329", "OPENVAS:1361412562310703364", "OPENVAS:1361412562310703372", "OPENVAS:1361412562310703396", "OPENVAS:1361412562310703426", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310703696", "OPENVAS:1361412562310703791", "OPENVAS:1361412562310703804", "OPENVAS:1361412562310703886", "OPENVAS:1361412562310807779", "OPENVAS:1361412562310807904", "OPENVAS:1361412562310807916", "OPENVAS:1361412562310807977", "OPENVAS:1361412562310808012", "OPENVAS:1361412562310808319", "OPENVAS:1361412562310808336", "OPENVAS:1361412562310808353", "OPENVAS:1361412562310808414", "OPENVAS:1361412562310810136", "OPENVAS:1361412562310810159", "OPENVAS:1361412562310812046", "OPENVAS:1361412562310842268", "OPENVAS:1361412562310842269", "OPENVAS:1361412562310842270", "OPENVAS:1361412562310842271", "OPENVAS:1361412562310842272", "OPENVAS:1361412562310842274", "OPENVAS:1361412562310842275", "OPENVAS:1361412562310842380", "OPENVAS:1361412562310842381", "OPENVAS:1361412562310842382", "OPENVAS:1361412562310842384", "OPENVAS:1361412562310842385", "OPENVAS:1361412562310842429", "OPENVAS:1361412562310842430", "OPENVAS:1361412562310842435", "OPENVAS:1361412562310842443", "OPENVAS:1361412562310842446", "OPENVAS:1361412562310842451", "OPENVAS:1361412562310842463", "OPENVAS:1361412562310842466", "OPENVAS:1361412562310842467", "OPENVAS:1361412562310842468", "OPENVAS:1361412562310842469", "OPENVAS:1361412562310842474", "OPENVAS:1361412562310842475", "OPENVAS:1361412562310842492", "OPENVAS:1361412562310842493", "OPENVAS:1361412562310842494", "OPENVAS:1361412562310842496", "OPENVAS:1361412562310842498", "OPENVAS:1361412562310842499", "OPENVAS:1361412562310842500", "OPENVAS:1361412562310842514", "OPENVAS:1361412562310842515", "OPENVAS:1361412562310842516", "OPENVAS:1361412562310842517", "OPENVAS:1361412562310842519", "OPENVAS:1361412562310842520", "OPENVAS:1361412562310842521", "OPENVAS:1361412562310842621", "OPENVAS:1361412562310842622", "OPENVAS:1361412562310842623", "OPENVAS:1361412562310842624", "OPENVAS:1361412562310842625", "OPENVAS:1361412562310842627", "OPENVAS:1361412562310842628", "OPENVAS:1361412562310842629", "OPENVAS:1361412562310842631", "OPENVAS:1361412562310842632", "OPENVAS:1361412562310842686", "OPENVAS:1361412562310842690", "OPENVAS:1361412562310842691", "OPENVAS:1361412562310842692", "OPENVAS:1361412562310842693", "OPENVAS:1361412562310842698", "OPENVAS:1361412562310842713", "OPENVAS:1361412562310842734", "OPENVAS:1361412562310842735", "OPENVAS:1361412562310842736", "OPENVAS:1361412562310842738", "OPENVAS:1361412562310842739", "OPENVAS:1361412562310842741", "OPENVAS:1361412562310842742", "OPENVAS:1361412562310842743", "OPENVAS:1361412562310842744", "OPENVAS:1361412562310842755", "OPENVAS:1361412562310842759", "OPENVAS:1361412562310842762", "OPENVAS:1361412562310842779", "OPENVAS:1361412562310842786", "OPENVAS:1361412562310842787", "OPENVAS:1361412562310842788", "OPENVAS:1361412562310842790", "OPENVAS:1361412562310842791", "OPENVAS:1361412562310842792", "OPENVAS:1361412562310842793", "OPENVAS:1361412562310842794", "OPENVAS:1361412562310842795", "OPENVAS:1361412562310842796", "OPENVAS:1361412562310842797", "OPENVAS:1361412562310842805", "OPENVAS:1361412562310842806", "OPENVAS:1361412562310842807", "OPENVAS:1361412562310842808", "OPENVAS:1361412562310842809", "OPENVAS:1361412562310842810", "OPENVAS:1361412562310842811", "OPENVAS:1361412562310842812", "OPENVAS:1361412562310842813", "OPENVAS:1361412562310842814", "OPENVAS:1361412562310842815", "OPENVAS:1361412562310842816", "OPENVAS:1361412562310842817", "OPENVAS:1361412562310842963", "OPENVAS:1361412562310842964", "OPENVAS:1361412562310842965", "OPENVAS:1361412562310842970", "OPENVAS:1361412562310842971", "OPENVAS:1361412562310842972", "OPENVAS:1361412562310842977", "OPENVAS:1361412562310842997", "OPENVAS:1361412562310842998", "OPENVAS:1361412562310842999", "OPENVAS:1361412562310843000", "OPENVAS:1361412562310843001", "OPENVAS:1361412562310843004", "OPENVAS:1361412562310843039", "OPENVAS:1361412562310843040", "OPENVAS:1361412562310843041", "OPENVAS:1361412562310843050", "OPENVAS:1361412562310843060", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310843063", "OPENVAS:1361412562310843064", "OPENVAS:1361412562310843065", "OPENVAS:1361412562310843075", "OPENVAS:1361412562310843076", "OPENVAS:1361412562310843077", "OPENVAS:1361412562310843078", "OPENVAS:1361412562310843079", "OPENVAS:1361412562310843081", "OPENVAS:1361412562310843082", "OPENVAS:1361412562310843083", "OPENVAS:1361412562310843114", "OPENVAS:1361412562310843115", "OPENVAS:1361412562310843116", "OPENVAS:1361412562310843117", "OPENVAS:1361412562310843119", "OPENVAS:1361412562310843120", "OPENVAS:1361412562310843121", "OPENVAS:1361412562310843137", "OPENVAS:1361412562310843138", "OPENVAS:1361412562310843139", "OPENVAS:1361412562310843140", "OPENVAS:1361412562310843141", "OPENVAS:1361412562310843142", "OPENVAS:1361412562310843164", "OPENVAS:1361412562310843165", "OPENVAS:1361412562310843169", "OPENVAS:1361412562310843175", "OPENVAS:1361412562310843176", "OPENVAS:1361412562310843198", "OPENVAS:1361412562310843199", "OPENVAS:1361412562310843200", "OPENVAS:1361412562310843247", "OPENVAS:1361412562310843249", "OPENVAS:1361412562310843250", "OPENVAS:1361412562310843312", "OPENVAS:1361412562310843326", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843628", "OPENVAS:1361412562310843857", "OPENVAS:1361412562310850675", "OPENVAS:1361412562310850904", "OPENVAS:1361412562310851121", "OPENVAS:1361412562310851176", "OPENVAS:1361412562310851197", "OPENVAS:1361412562310851242", "OPENVAS:1361412562310851320", "OPENVAS:1361412562310851349", "OPENVAS:1361412562310851358", "OPENVAS:1361412562310851386", "OPENVAS:1361412562310851388", "OPENVAS:1361412562310851390", "OPENVAS:1361412562310851414", "OPENVAS:1361412562310851420", "OPENVAS:1361412562310851444", "OPENVAS:1361412562310851448", "OPENVAS:1361412562310851449", "OPENVAS:1361412562310851489", "OPENVAS:1361412562310851506", "OPENVAS:1361412562310851515", "OPENVAS:1361412562310851516", "OPENVAS:1361412562310851529", "OPENVAS:1361412562310851530", "OPENVAS:1361412562310851544", "OPENVAS:1361412562310851548", "OPENVAS:1361412562310869459", "OPENVAS:1361412562310869476", "OPENVAS:1361412562310869505", "OPENVAS:1361412562310869608", "OPENVAS:1361412562310869836", "OPENVAS:1361412562310869857", "OPENVAS:1361412562310869860", "OPENVAS:1361412562310869886", "OPENVAS:1361412562310869889", "OPENVAS:1361412562310869982", "OPENVAS:1361412562310869986", "OPENVAS:1361412562310871452", "OPENVAS:1361412562310871761", "OPENVAS:1361412562310871762", "OPENVAS:1361412562310871765", "OPENVAS:1361412562310871783", "OPENVAS:1361412562310871794", "OPENVAS:1361412562310871796", "OPENVAS:1361412562310871823", "OPENVAS:1361412562310871827", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310871842", "OPENVAS:1361412562310871855", "OPENVAS:1361412562310871956", "OPENVAS:1361412562310871967", "OPENVAS:1361412562310872159", "OPENVAS:1361412562310872163", "OPENVAS:1361412562310872292", "OPENVAS:1361412562310872293", "OPENVAS:1361412562310872383", "OPENVAS:1361412562310872418", "OPENVAS:1361412562310872419", "OPENVAS:1361412562310872473", "OPENVAS:1361412562310872476", "OPENVAS:1361412562310872547", "OPENVAS:1361412562310872548", "OPENVAS:1361412562310872568", "OPENVAS:1361412562310872569", "OPENVAS:1361412562310872655", "OPENVAS:1361412562310872656", "OPENVAS:1361412562310882285", "OPENVAS:1361412562310882664", "OPENVAS:1361412562310882665", "OPENVAS:1361412562310882668", "OPENVAS:1361412562310882674", "OPENVAS:1361412562310882688", "OPENVAS:1361412562310882694", "OPENVAS:1361412562310882725", "OPENVAS:1361412562310882728", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310882752", "OPENVAS:1361412562310882792", "OPENVAS:1361412562310890833", "OPENVAS:1361412562310890849", "OPENVAS:1361412562310890922", "OPENVAS:1361412562311220161089", "OPENVAS:1361412562311220171001", "OPENVAS:1361412562311220171056", "OPENVAS:1361412562311220171057", "OPENVAS:1361412562311220171066", "OPENVAS:1361412562311220171122", "OPENVAS:1361412562311220171123", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191471", "OPENVAS:1361412562311220191474", "OPENVAS:1361412562311220191477", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562311220191482", "OPENVAS:1361412562311220191484", "OPENVAS:1361412562311220191485", "OPENVAS:1361412562311220191486", "OPENVAS:1361412562311220191487", "OPENVAS:1361412562311220191488", "OPENVAS:1361412562311220191490", "OPENVAS:1361412562311220191491", "OPENVAS:1361412562311220191492", "OPENVAS:1361412562311220191494", "OPENVAS:1361412562311220191496", "OPENVAS:1361412562311220191502", "OPENVAS:1361412562311220191503", "OPENVAS:1361412562311220191504", "OPENVAS:1361412562311220191506", "OPENVAS:1361412562311220191508", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191517", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191520", "OPENVAS:1361412562311220191521", "OPENVAS:1361412562311220191524", "OPENVAS:1361412562311220191527", "OPENVAS:1361412562311220191531", "OPENVAS:1361412562311220191533", "OPENVAS:1361412562311220191534", "OPENVAS:1361412562311220191535", "OPENVAS:1361412562311220191536", "OPENVAS:1361412562311220191539", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192599", "OPENVAS:703170", "OPENVAS:703329", "OPENVAS:703364", "OPENVAS:703372", "OPENVAS:703396", "OPENVAS:703426", "OPENVAS:703607", "OPENVAS:703696", "OPENVAS:703791", "OPENVAS:703804", "OPENVAS:703886"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2018", "ORACLE:CPUOCT2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1778", "ELSA-2015-3098", "ELSA-2017-0293", "ELSA-2017-0294", "ELSA-2017-0294-1", "ELSA-2017-0307", "ELSA-2017-0323", "ELSA-2017-0323-1", "ELSA-2017-0817", "ELSA-2017-0892", "ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1308", "ELSA-2017-1308-1", "ELSA-2017-1372", "ELSA-2017-1615", "ELSA-2017-1615-1", "ELSA-2017-1723", "ELSA-2017-1842", "ELSA-2017-1842-1", "ELSA-2017-2412", "ELSA-2017-2801", "ELSA-2017-2930", "ELSA-2017-2930-1", "ELSA-2017-3514", "ELSA-2017-3515", "ELSA-2017-3516", "ELSA-2017-3520", "ELSA-2017-3521", "ELSA-2017-3522", "ELSA-2017-3533", "ELSA-2017-3534", "ELSA-2017-3535", "ELSA-2017-3537", "ELSA-2017-3538", "ELSA-2017-3539", "ELSA-2017-3565", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2017-3576", "ELSA-2017-3590", "ELSA-2017-3595", "ELSA-2017-3609", "ELSA-2018-1062", "ELSA-2018-1854", "ELSA-2019-4702", "ELSA-2019-4732", "ELSA-2020-3548", "ELSA-2021-9486", "ELSA-2021-9487"]}, {"type": "osv", "idList": ["OSV:CVE-2016-10229", "OSV:DLA-310-1", "OSV:DLA-325-1", "OSV:DLA-360-1", "OSV:DLA-516-1", "OSV:DLA-670-1", "OSV:DLA-772-1", "OSV:DLA-833-1", "OSV:DLA-849-1", "OSV:DLA-922-1", "OSV:DLA-993-1", "OSV:DSA-3170-1", "OSV:DSA-3329-1", "OSV:DSA-3364-1", "OSV:DSA-3372-1", "OSV:DSA-3396-1", "OSV:DSA-3426-1", "OSV:DSA-3426-2", "OSV:DSA-3607-1", "OSV:DSA-3696-1", "OSV:DSA-3791-1", "OSV:DSA-3804-1", "OSV:DSA-3886-1", "OSV:DSA-3886-2"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136142", "PACKETSTORM:136144", "PACKETSTORM:136218", "PACKETSTORM:141331", "PACKETSTORM:141339", "PACKETSTORM:153493", "PACKETSTORM:155267"]}, {"type": "paloalto", "idList": ["PAN-SA-2017-0018"]}, {"type": "photon", "idList": ["PHSA-2016-0007", "PHSA-2017-0011", "PHSA-2017-0031", "PHSA-2017-0035", "PHSA-2018-0031", "PHSA-2019-0178"]}, {"type": "prion", "idList": ["PRION:CVE-2013-7446", "PRION:CVE-2015-1420", "PRION:CVE-2015-4700", "PRION:CVE-2015-5257", "PRION:CVE-2015-5707", "PRION:CVE-2015-6252", "PRION:CVE-2015-6937", "PRION:CVE-2015-7990", "PRION:CVE-2016-10088", "PRION:CVE-2016-10142", "PRION:CVE-2016-10229", "PRION:CVE-2016-2782", "PRION:CVE-2016-3140", "PRION:CVE-2016-3672", "PRION:CVE-2016-4482", "PRION:CVE-2016-4485", "PRION:CVE-2016-4580", "PRION:CVE-2016-7425", "PRION:CVE-2016-7910", "PRION:CVE-2016-8399", "PRION:CVE-2016-8633", "PRION:CVE-2016-8645", "PRION:CVE-2017-2583", "PRION:CVE-2017-2636", "PRION:CVE-2017-2647", "PRION:CVE-2017-5669", "PRION:CVE-2017-5986", "PRION:CVE-2017-6074", "PRION:CVE-2017-6214", "PRION:CVE-2017-6345", "PRION:CVE-2017-6353", "PRION:CVE-2017-7184", "PRION:CVE-2017-7187", "PRION:CVE-2017-7895"]}, {"type": "ptsecurity", "idList": ["PT-2017-06"]}, {"type": "redhat", "idList": ["RHSA-2015:1778", "RHSA-2015:1788", "RHSA-2017:0293", "RHSA-2017:0294", "RHSA-2017:0295", "RHSA-2017:0316", "RHSA-2017:0323", "RHSA-2017:0324", "RHSA-2017:0345", "RHSA-2017:0346", "RHSA-2017:0347", "RHSA-2017:0365", "RHSA-2017:0366", "RHSA-2017:0403", "RHSA-2017:0501", "RHSA-2017:0817", "RHSA-2017:0869", "RHSA-2017:0892", "RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:0933", "RHSA-2017:0986", "RHSA-2017:1125", "RHSA-2017:1126", "RHSA-2017:1209", "RHSA-2017:1232", "RHSA-2017:1233", "RHSA-2017:1297", "RHSA-2017:1298", "RHSA-2017:1308", "RHSA-2017:1372", "RHSA-2017:1488", "RHSA-2017:1615", "RHSA-2017:1616", "RHSA-2017:1647", "RHSA-2017:1715", "RHSA-2017:1723", "RHSA-2017:1766", "RHSA-2017:1798", "RHSA-2017:1842", "RHSA-2017:2077", "RHSA-2017:2412", "RHSA-2017:2428", "RHSA-2017:2429", "RHSA-2017:2437", "RHSA-2017:2444", "RHSA-2017:2472", "RHSA-2017:2669", "RHSA-2017:2732", "RHSA-2017:2918", "RHSA-2017:2930", "RHSA-2017:2931", "RHSA-2018:0676", "RHSA-2018:1062", "RHSA-2019:1170", "RHSA-2019:1190", "RHSA-2019:4159", "RHSA-2020:3548", "RHSA-2020:3836"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10088", "RH:CVE-2016-10142", "RH:CVE-2016-4485", "RH:CVE-2016-4580", "RH:CVE-2016-7425", "RH:CVE-2016-7910", "RH:CVE-2016-8399", "RH:CVE-2016-8633", "RH:CVE-2016-8645", "RH:CVE-2017-2583", "RH:CVE-2017-2636", "RH:CVE-2017-2647", "RH:CVE-2017-5669", "RH:CVE-2017-5986", "RH:CVE-2017-6214", "RH:CVE-2017-6345", "RH:CVE-2017-6353", "RH:CVE-2017-7184", "RH:CVE-2017-7187"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31766", "SECURITYVULNS:DOC:32313", "SECURITYVULNS:DOC:32314", "SECURITYVULNS:DOC:32513", "SECURITYVULNS:VULN:14292", "SECURITYVULNS:VULN:14579"]}, {"type": "seebug", "idList": ["SSV:92700", "SSV:92755", "SSV:92861", "SSV:92945"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1382-1", "OPENSUSE-SU-2015:1842-1", "OPENSUSE-SU-2016:0301-1", "OPENSUSE-SU-2016:0318-1", "OPENSUSE-SU-2016:1382-1", "OPENSUSE-SU-2016:1641-1", "OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2016:2184-1", "OPENSUSE-SU-2016:2290-1", "OPENSUSE-SU-2016:2583-1", "OPENSUSE-SU-2016:2625-1", "OPENSUSE-SU-2016:2649-1", "OPENSUSE-SU-2016:3021-1", "OPENSUSE-SU-2016:3058-1", "OPENSUSE-SU-2016:3061-1", "OPENSUSE-SU-2017:0456-1", "OPENSUSE-SU-2017:0458-1", "OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:0906-1", "OPENSUSE-SU-2017:0907-1", "OPENSUSE-SU-2017:1140-1", "OPENSUSE-SU-2017:1215-1", "SUSE-SU-2015:1224-1", "SUSE-SU-2015:1478-1", "SUSE-SU-2015:1487-1", "SUSE-SU-2015:1488-1", "SUSE-SU-2015:1489-1", "SUSE-SU-2015:1490-1", "SUSE-SU-2015:1491-1", "SUSE-SU-2015:1592-1", "SUSE-SU-2015:1611-1", "SUSE-SU-2015:1727-1", "SUSE-SU-2015:2084-1", "SUSE-SU-2015:2085-1", "SUSE-SU-2015:2086-1", "SUSE-SU-2015:2087-1", "SUSE-SU-2015:2089-1", "SUSE-SU-2015:2090-1", "SUSE-SU-2015:2091-1", "SUSE-SU-2015:2108-1", "SUSE-SU-2015:2339-1", "SUSE-SU-2015:2350-1", "SUSE-SU-2016:0335-1", "SUSE-SU-2016:0337-1", "SUSE-SU-2016:0354-1", "SUSE-SU-2016:0380-1", "SUSE-SU-2016:0381-1", "SUSE-SU-2016:0383-1", "SUSE-SU-2016:0384-1", "SUSE-SU-2016:0386-1", "SUSE-SU-2016:0387-1", "SUSE-SU-2016:0434-1", "SUSE-SU-2016:0585-1", "SUSE-SU-2016:0745-1", "SUSE-SU-2016:0746-1", "SUSE-SU-2016:0747-1", "SUSE-SU-2016:0749-1", "SUSE-SU-2016:0750-1", "SUSE-SU-2016:0751-1", "SUSE-SU-2016:0752-1", "SUSE-SU-2016:0753-1", "SUSE-SU-2016:0754-1", "SUSE-SU-2016:0755-1", "SUSE-SU-2016:0756-1", "SUSE-SU-2016:0757-1", "SUSE-SU-2016:0785-1", "SUSE-SU-2016:0911-1", "SUSE-SU-2016:1019-1", "SUSE-SU-2016:1102-1", "SUSE-SU-2016:1203-1", "SUSE-SU-2016:1672-1", "SUSE-SU-2016:1690-1", "SUSE-SU-2016:1696-1", "SUSE-SU-2016:1707-1", "SUSE-SU-2016:1764-1", "SUSE-SU-2016:1937-1", "SUSE-SU-2016:1961-1", "SUSE-SU-2016:1985-1", "SUSE-SU-2016:1994-1", "SUSE-SU-2016:1995-1", "SUSE-SU-2016:2000-1", "SUSE-SU-2016:2001-1", "SUSE-SU-2016:2002-1", "SUSE-SU-2016:2003-1", "SUSE-SU-2016:2005-1", "SUSE-SU-2016:2006-1", "SUSE-SU-2016:2007-1", "SUSE-SU-2016:2009-1", "SUSE-SU-2016:2010-1", "SUSE-SU-2016:2011-1", "SUSE-SU-2016:2014-1", "SUSE-SU-2016:2074-1", "SUSE-SU-2016:2105-1", "SUSE-SU-2016:2245-1", "SUSE-SU-2016:2912-1", "SUSE-SU-2016:2976-1", "SUSE-SU-2016:3069-1", "SUSE-SU-2016:3304-1", "SUSE-SU-2017:0181-1", "SUSE-SU-2017:0227-1", "SUSE-SU-2017:0228-1", "SUSE-SU-2017:0232-1", "SUSE-SU-2017:0293-1", "SUSE-SU-2017:0307-1", "SUSE-SU-2017:0333-1", "SUSE-SU-2017:0407-1", "SUSE-SU-2017:0437-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:0494-1", "SUSE-SU-2017:0575-1", "SUSE-SU-2017:0864-1", "SUSE-SU-2017:0865-1", "SUSE-SU-2017:0866-1", "SUSE-SU-2017:0867-1", "SUSE-SU-2017:0868-1", "SUSE-SU-2017:0873-1", "SUSE-SU-2017:0875-1", "SUSE-SU-2017:0876-1", "SUSE-SU-2017:0877-1", "SUSE-SU-2017:0878-1", "SUSE-SU-2017:0880-1", "SUSE-SU-2017:0881-1", "SUSE-SU-2017:0882-1", "SUSE-SU-2017:0884-1", "SUSE-SU-2017:0885-1", "SUSE-SU-2017:0886-1", "SUSE-SU-2017:0887-1", "SUSE-SU-2017:0888-1", "SUSE-SU-2017:0912-1", "SUSE-SU-2017:0913-1", "SUSE-SU-2017:1102-1", "SUSE-SU-2017:1183-1", "SUSE-SU-2017:1247-1", "SUSE-SU-2017:1301-1", "SUSE-SU-2017:1360-1", "SUSE-SU-2017:1990-1", "SUSE-SU-2017:2043-1", "SUSE-SU-2017:2049-1", "SUSE-SU-2017:2060-1", "SUSE-SU-2017:2062-1", "SUSE-SU-2017:2065-1", "SUSE-SU-2017:2067-1", "SUSE-SU-2017:2072-1", "SUSE-SU-2017:2088-1", "SUSE-SU-2017:2092-1", "SUSE-SU-2017:2095-1", "SUSE-SU-2017:2096-1", "SUSE-SU-2017:2099-1", "SUSE-SU-2017:2342-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2525-1", "SUSE-SU-2017:2920-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "thn", "idList": ["THN:11E7CC33794D9968747131F3F0AE8716", "THN:FA88848EF7446185D7481A0AB338ACA7"]}, {"type": "threatpost", "idList": ["THREATPOST:178E0668804E2DA1322D2C1DCF6CA893"]}, {"type": "ubuntu", "idList": ["USN-2660-1", "USN-2661-1", "USN-2662-1", "USN-2663-1", "USN-2664-1", "USN-2665-1", "USN-2666-1", "USN-2667-1", "USN-2678-1", "USN-2679-1", "USN-2680-1", "USN-2681-1", "USN-2683-1", "USN-2684-1", "USN-2733-1", "USN-2734-1", "USN-2737-1", "USN-2738-1", "USN-2748-1", "USN-2749-1", "USN-2750-1", "USN-2751-1", "USN-2752-1", "USN-2759-1", "USN-2760-1", "USN-2773-1", "USN-2774-1", "USN-2775-1", "USN-2776-1", "USN-2777-1", "USN-2778-1", "USN-2779-1", "USN-2792-1", "USN-2794-1", "USN-2795-1", "USN-2796-1", "USN-2797-1", "USN-2798-1", "USN-2799-1", "USN-2886-1", "USN-2886-2", "USN-2887-1", "USN-2887-2", "USN-2888-1", "USN-2889-1", "USN-2889-2", "USN-2890-1", "USN-2890-2", "USN-2890-3", "USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2932-1", "USN-2948-1", "USN-2948-2", "USN-2965-1", "USN-2965-2", "USN-2965-3", "USN-2965-4", "USN-2967-1", "USN-2967-2", "USN-2968-1", "USN-2968-2", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3", "USN-2989-1", "USN-2996-1", "USN-2997-1", "USN-2998-1", "USN-3000-1", "USN-3001-1", "USN-3002-1", "USN-3003-1", "USN-3004-1", "USN-3005-1", "USN-3006-1", "USN-3007-1", "USN-3016-1", "USN-3016-2", "USN-3016-3", "USN-3016-4", "USN-3017-1", "USN-3017-2", "USN-3017-3", "USN-3018-1", "USN-3018-2", "USN-3019-1", "USN-3020-1", "USN-3021-1", "USN-3021-2", "USN-3144-1", "USN-3144-2", "USN-3145-1", "USN-3145-2", "USN-3146-1", "USN-3146-2", "USN-3147-1", "USN-3161-1", "USN-3161-2", "USN-3161-3", "USN-3161-4", "USN-3162-1", "USN-3162-2", "USN-3189-1", "USN-3189-2", "USN-3190-1", "USN-3190-2", "USN-3206-1", "USN-3207-1", "USN-3207-2", "USN-3208-1", "USN-3208-2", "USN-3209-1", "USN-3218-1", "USN-3219-1", "USN-3219-2", "USN-3220-1", "USN-3220-2", "USN-3220-3", "USN-3221-1", "USN-3221-2", "USN-3248-1", "USN-3249-1", "USN-3249-2", "USN-3250-1", "USN-3250-2", "USN-3251-1", "USN-3251-2", "USN-3264-1", "USN-3264-2", "USN-3265-1", "USN-3265-2", "USN-3266-1", "USN-3266-2", "USN-3290-1", "USN-3291-1", "USN-3291-2", "USN-3291-3", "USN-3293-1", "USN-3312-1", "USN-3312-2", "USN-3314-1", "USN-3359-1", "USN-3360-1", "USN-3360-2", "USN-3361-1", "USN-3422-1", "USN-3422-2", "USN-3445-1", "USN-3445-2", "USN-3583-1", "USN-3583-2", "USN-3754-1", "USN-3849-1", "USN-3849-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7446", "UB:CVE-2015-1420", "UB:CVE-2015-4700", "UB:CVE-2015-5257", "UB:CVE-2015-5707", "UB:CVE-2015-6252", "UB:CVE-2015-6937", "UB:CVE-2015-7990", "UB:CVE-2016-10088", "UB:CVE-2016-10142", "UB:CVE-2016-10229", "UB:CVE-2016-2782", "UB:CVE-2016-3140", "UB:CVE-2016-3672", "UB:CVE-2016-4482", "UB:CVE-2016-4485", "UB:CVE-2016-4580", "UB:CVE-2016-7425", "UB:CVE-2016-7910", "UB:CVE-2016-8399", "UB:CVE-2016-8633", "UB:CVE-2016-8645", "UB:CVE-2017-2583", "UB:CVE-2017-2636", "UB:CVE-2017-2647", "UB:CVE-2017-5669", "UB:CVE-2017-5986", "UB:CVE-2017-6074", "UB:CVE-2017-6214", "UB:CVE-2017-6345", "UB:CVE-2017-6353", "UB:CVE-2017-7184", "UB:CVE-2017-7187", "UB:CVE-2017-7895"]}, {"type": "veracode", "idList": ["VERACODE:12299", "VERACODE:12399", "VERACODE:12404", "VERACODE:12412", "VERACODE:12427", "VERACODE:12432", "VERACODE:12506", "VERACODE:12754", "VERACODE:17712", "VERACODE:18067", "VERACODE:18131", "VERACODE:18234", "VERACODE:18242", "VERACODE:18248", "VERACODE:18828", "VERACODE:19161", "VERACODE:25232"]}, {"type": "virtuozzo", "idList": ["VZA-2016-104", "VZA-2017-004", "VZA-2017-007", "VZA-2017-010", "VZA-2017-016", "VZA-2017-017", "VZA-2017-019", "VZA-2017-021", "VZA-2017-024", "VZA-2017-025", "VZA-2017-026", "VZA-2017-028", "VZA-2017-029", "VZA-2017-036", "VZA-2017-037", "VZA-2017-038", "VZA-2017-042", "VZA-2017-097", "VZA-2017-098"]}, {"type": "zdi", "idList": ["ZDI-17-240"]}, {"type": "zdt", "idList": ["1337DAY-ID-25870", "1337DAY-ID-25872", "1337DAY-ID-25969", "1337DAY-ID-27133", "1337DAY-ID-27134", "1337DAY-ID-33499"]}, {"type": "zeroscience", "idList": ["ZSL-2019-5526"]}]}, "score": {"value": 7.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-782", "ALAS-2017-786", "ALAS-2017-811", "ALAS-2017-814", "ALAS-2017-828", "ALAS-2017-832"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-10229"]}, {"type": "androidsecurity", "idList": ["ANDROID:2017-09-01"]}, {"type": "archlinux", "idList": ["ASA-201701-32", "ASA-201701-35", "ASA-201702-17", "ASA-201703-6", "ASA-201703-7", "ASA-201703-8"]}, {"type": "avleonov", "idList": ["AVLEONOV:258C4C7C6D4C10965793FFCDA8860939"]}, {"type": "centos", "idList": ["CESA-2017:0293", "CESA-2017:0294", "CESA-2017:0323", "CESA-2017:0933", "CESA-2017:1372", "CESA-2017:1615", "CESA-2017:1723"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:45D171A4CABD3B2EED5D1C76F5C7F3F2", "CFOUNDRY:4A4E5BB1A59DD906E5D792B48A62CB13", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "CFOUNDRY:E4E1DF639E31042E2C6F495D3AD4AB50", "CFOUNDRY:EC22D7C9EDB0A72523F94F026F02A4D4"]}, {"type": "cve", "idList": ["CVE-2013-7446", "CVE-2015-6252", "CVE-2015-6937", "CVE-2016-10142", "CVE-2016-10229", "CVE-2016-7425", "CVE-2016-8399", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"]}, {"type": "debian", "idList": ["DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3791-1:AE0FD", "DEBIAN:DSA-3804-1:E7F94", "DEBIAN:DSA-3886-1:F6458"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7446", "DEBIANCVE:CVE-2015-1420", "DEBIANCVE:CVE-2015-4700", "DEBIANCVE:CVE-2015-5257", "DEBIANCVE:CVE-2015-5707", "DEBIANCVE:CVE-2015-6252", "DEBIANCVE:CVE-2015-6937", "DEBIANCVE:CVE-2016-10088", "DEBIANCVE:CVE-2016-10229", "DEBIANCVE:CVE-2016-2782", "DEBIANCVE:CVE-2016-3140", "DEBIANCVE:CVE-2016-3672", "DEBIANCVE:CVE-2016-4482", "DEBIANCVE:CVE-2016-4485", "DEBIANCVE:CVE-2016-4580", "DEBIANCVE:CVE-2016-7425", "DEBIANCVE:CVE-2016-7910", "DEBIANCVE:CVE-2016-8399", "DEBIANCVE:CVE-2016-8633", "DEBIANCVE:CVE-2016-8645", "DEBIANCVE:CVE-2017-2583", "DEBIANCVE:CVE-2017-2636", "DEBIANCVE:CVE-2017-2647", "DEBIANCVE:CVE-2017-5669", "DEBIANCVE:CVE-2017-5986", "DEBIANCVE:CVE-2017-6074", "DEBIANCVE:CVE-2017-6214", "DEBIANCVE:CVE-2017-6345", "DEBIANCVE:CVE-2017-7184", "DEBIANCVE:CVE-2017-7187", "DEBIANCVE:CVE-2017-7895"]}, {"type": "exploitdb", "idList": ["EDB-ID:39539", "EDB-ID:41457", "EDB-ID:41458"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:4EEB4BE9E101A3B6E5FA4A3FC9B06CCD"]}, {"type": "f5", "idList": ["F5:K18015201", "F5:K31209433", "F5:K32115847", "F5:K51025656", "F5:K54610514", "F5:K81211720", "F5:K82508682", "SOL17457"]}, {"type": "fedora", "idList": ["FEDORA:042FF6294018", "FEDORA:1F466601E823", "FEDORA:2CC39660F53B", "FEDORA:4E39C608F49D", "FEDORA:553DD615C92C", "FEDORA:5931760652B6", "FEDORA:5E6FC604AF75", "FEDORA:6437E61257FA", "FEDORA:65FAD61713B3", "FEDORA:685B66087C53", "FEDORA:711F0612DED6", "FEDORA:85F7B60BBD0B", "FEDORA:8CDBE6067306", "FEDORA:92CE26061A9A", "FEDORA:A5F35607D661", "FEDORA:B872461491E6", "FEDORA:E736B60877BC"]}, {"type": "fortinet", "idList": ["FG-IR-17-118"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:9B79D262B5DA61A7E11F5134B546BA63"]}, {"type": "hackerone", "idList": ["H1:347282"]}, {"type": "ibm", "idList": ["A0B3473150234C639FE6AF0F0A832767753836E0C7B4AA5A710ED063FB7AD779"]}, {"type": "ics", "idList": ["ICSA-21-280-02"]}, {"type": "kaspersky", "idList": ["KLA10480"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "lenovo", "idList": ["LENOVO:PS500107-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2017-5669/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2017-5669/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201783679", "MYHACK58:62201783692", "MYHACK58:62201785273", "MYHACK58:62201785788"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-811.NASL", "ALA_ALAS-2017-814.NASL", "ALA_ALAS-2017-828.NASL", "CENTOS_RHSA-2017-0293.NASL", "CENTOS_RHSA-2017-0294.NASL", "CENTOS_RHSA-2017-0323.NASL", "CENTOS_RHSA-2017-0933.NASL", "DEBIAN_DLA-325.NASL", "DEBIAN_DLA-670.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DSA-3696.NASL", "DEBIAN_DSA-3791.NASL", "DEBIAN_DSA-3804.NASL", "EULEROS_SA-2017-1056.NASL", "EULEROS_SA-2017-1057.NASL", "EULEROS_SA-2017-1066.NASL", "EULEROS_SA-2019-1535.NASL", "F5_BIGIP_SOL18015201.NASL", "FEDORA_2015-16440.NASL", "FEDORA_2017-02174DF32F.NASL", "FEDORA_2017-2E1F3694B2.NASL", "FEDORA_2017-387FF46A66.NASL", "FEDORA_2017-3A9EC92DD6.NASL", "FEDORA_2017-4B9F61C68D.NASL", "FEDORA_2017-502CF68D68.NASL", "FEDORA_2017-92D84F68CF.NASL", "FEDORA_2017-93DEC9EBA5.NASL", "FEDORA_2017-AD045F80AC.NASL", "FEDORA_2017-B9B1AC0D15.NASL", "FEDORA_2017-F519EBB3C4.NASL", "FEDORA_2017-FB89CA752A.NASL", "OPENSUSE-2016-1212.NASL", "OPENSUSE-2017-286.NASL", "OPENSUSE-2017-287.NASL", "OPENSUSE-2017-562.NASL", "ORACLELINUX_ELSA-2017-0293.NASL", "ORACLELINUX_ELSA-2017-0294.NASL", "ORACLELINUX_ELSA-2017-0323.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-3520.NASL", "ORACLELINUX_ELSA-2017-3521.NASL", "ORACLELINUX_ELSA-2017-3522.NASL", "ORACLELINUX_ELSA-2021-9486.NASL", "ORACLELINUX_ELSA-2021-9487.NASL", "ORACLEVM_OVMSA-2017-0044.NASL", "ORACLEVM_OVMSA-2017-0045.NASL", "ORACLEVM_OVMSA-2017-0046.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "REDHAT-RHSA-2017-0293.NASL", "REDHAT-RHSA-2017-0294.NASL", "REDHAT-RHSA-2017-0295.NASL", "REDHAT-RHSA-2017-0316.NASL", "REDHAT-RHSA-2017-0323.NASL", "REDHAT-RHSA-2017-0324.NASL", "REDHAT-RHSA-2017-0345.NASL", "REDHAT-RHSA-2017-0346.NASL", "REDHAT-RHSA-2017-0347.NASL", "REDHAT-RHSA-2017-0365.NASL", "REDHAT-RHSA-2017-0366.NASL", "REDHAT-RHSA-2017-0403.NASL", "REDHAT-RHSA-2017-0501.NASL", "REDHAT-RHSA-2017-0869.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-0986.NASL", "REDHAT-RHSA-2017-1125.NASL", "REDHAT-RHSA-2017-1126.NASL", "SL_20170222_KERNEL_ON_SL6_X.NASL", "SL_20170222_KERNEL_ON_SL7_X.NASL", "SL_20170224_KERNEL_ON_SL5_X.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2017-0864-1.NASL", "SUSE_SU-2017-0865-1.NASL", "SUSE_SU-2017-0866-1.NASL", "SUSE_SU-2017-0873-1.NASL", "SUSE_SU-2017-0875-1.NASL", "SUSE_SU-2017-0876-1.NASL", "SUSE_SU-2017-0880-1.NASL", "SUSE_SU-2017-0881-1.NASL", "SUSE_SU-2017-0888-1.NASL", "SUSE_SU-2017-0889-1.NASL", "SUSE_SU-2017-0912-1.NASL", "SUSE_SU-2017-0913-1.NASL", "UBUNTU_USN-2889-1.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL", "UBUNTU_USN-3016-1.NASL", "UBUNTU_USN-3189-1.NASL", "UBUNTU_USN-3189-2.NASL", "UBUNTU_USN-3190-1.NASL", "UBUNTU_USN-3190-2.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3209-1.NASL", "UBUNTU_USN-3218-1.NASL", "UBUNTU_USN-3219-1.NASL", "UBUNTU_USN-3219-2.NASL", "UBUNTU_USN-3220-1.NASL", "UBUNTU_USN-3220-2.NASL", "UBUNTU_USN-3220-3.NASL", "UBUNTU_USN-3221-1.NASL", "UBUNTU_USN-3221-2.NASL", "UBUNTU_USN-3248-1.NASL", "UBUNTU_USN-3249-1.NASL", "UBUNTU_USN-3249-2.NASL", "UBUNTU_USN-3250-1.NASL", "UBUNTU_USN-3250-2.NASL", "UBUNTU_USN-3251-1.NASL", "UBUNTU_USN-3251-2.NASL", "UBUNTU_USN-3264-1.NASL", "UBUNTU_USN-3264-2.NASL", "UBUNTU_USN-3265-1.NASL", "UBUNTU_USN-3265-2.NASL", "UBUNTU_USN-3266-1.NASL", "UBUNTU_USN-3266-2.NASL", "UBUNTU_USN-3445-1.NASL", "UBUNTU_USN-3583-1.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-019.NASL", "VIRTUOZZO_VZA-2017-021.NASL", "VIRTUOZZO_VZA-2017-026.NASL", "VIRTUOZZO_VZA-2017-028.NASL", "VIRTUOZZO_VZA-2017-029.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703396", "OPENVAS:1361412562310810136", "OPENVAS:1361412562310842469", "OPENVAS:1361412562310842494", "OPENVAS:1361412562310842791", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310871967", "OPENVAS:1361412562310872159", "OPENVAS:1361412562310872163", "OPENVAS:1361412562311220191535"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0293", "ELSA-2017-0294", "ELSA-2017-0294-1", "ELSA-2017-0323", "ELSA-2017-0323-1", "ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-2801", "ELSA-2017-3520", "ELSA-2017-3521", "ELSA-2017-3522"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141331", "PACKETSTORM:141339"]}, {"type": "paloalto", "idList": ["PAN-SA-2017-0018"]}, {"type": "photon", "idList": ["PHSA-2017-0031", "PHSA-2017-0035"]}, {"type": "ptsecurity", "idList": ["PT-2017-06"]}, {"type": "redhat", "idList": ["RHSA-2017:0293", "RHSA-2017:0294", "RHSA-2017:0316", "RHSA-2017:0323", "RHSA-2017:0324", "RHSA-2017:0345", "RHSA-2017:0346", "RHSA-2017:0365", "RHSA-2017:0366", "RHSA-2017:0403", "RHSA-2017:0869", "RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:0986", "RHSA-2017:1125", "RHSA-2020:3836"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10088", "RH:CVE-2016-10142", "RH:CVE-2016-8399", "RH:CVE-2016-8633", "RH:CVE-2016-8645", "RH:CVE-2017-2583", "RH:CVE-2017-2636", "RH:CVE-2017-2647", "RH:CVE-2017-5669", "RH:CVE-2017-5986", "RH:CVE-2017-6214", "RH:CVE-2017-6345", "RH:CVE-2017-6353", "RH:CVE-2017-7184", "RH:CVE-2017-7187"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32313"]}, {"type": "seebug", "idList": ["SSV:92700", "SSV:92861", "SSV:92945"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2583-1", "OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:1215-1", "SUSE-SU-2017:0307-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0864-1", "SUSE-SU-2017:0865-1", "SUSE-SU-2017:0866-1", "SUSE-SU-2017:0867-1", "SUSE-SU-2017:0868-1", "SUSE-SU-2017:0873-1", "SUSE-SU-2017:0875-1", "SUSE-SU-2017:0876-1", "SUSE-SU-2017:0877-1", "SUSE-SU-2017:0878-1", "SUSE-SU-2017:0880-1", "SUSE-SU-2017:0881-1", "SUSE-SU-2017:0882-1", "SUSE-SU-2017:0884-1", "SUSE-SU-2017:0885-1", "SUSE-SU-2017:0886-1", "SUSE-SU-2017:0887-1", "SUSE-SU-2017:0888-1", "SUSE-SU-2017:0912-1", "SUSE-SU-2017:0913-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "thn", "idList": ["THN:11E7CC33794D9968747131F3F0AE8716", "THN:FA88848EF7446185D7481A0AB338ACA7"]}, {"type": "threatpost", "idList": ["THREATPOST:178E0668804E2DA1322D2C1DCF6CA893"]}, {"type": "ubuntu", "idList": ["USN-2662-1", "USN-2663-1", "USN-2664-1", "USN-2666-1", "USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2932-1", "USN-2948-1", "USN-2948-2", "USN-2967-1", "USN-2967-2", "USN-2968-1", "USN-2968-2", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3", "USN-3017-2", "USN-3190-2", "USN-3208-2", "USN-3209-1", "USN-3219-1", "USN-3220-1", "USN-3220-2", "USN-3221-2", "USN-3264-1", "USN-3264-2", "USN-3265-2", "USN-3266-2", "USN-3291-1", "USN-3291-3", "USN-3314-1", "USN-3445-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10088", "UB:CVE-2016-10142", "UB:CVE-2016-10229", "UB:CVE-2016-4482", "UB:CVE-2016-8399", "UB:CVE-2016-8633", "UB:CVE-2016-8645", "UB:CVE-2017-2583", "UB:CVE-2017-2636", "UB:CVE-2017-2647", "UB:CVE-2017-5669", "UB:CVE-2017-5986", "UB:CVE-2017-6074", "UB:CVE-2017-6214", "UB:CVE-2017-6345", "UB:CVE-2017-7184", "UB:CVE-2017-7187", "UB:CVE-2017-7895"]}, {"type": "virtuozzo", "idList": ["VZA-2017-004", "VZA-2017-010", "VZA-2017-016", "VZA-2017-019", "VZA-2017-021", "VZA-2017-026", "VZA-2017-028", "VZA-2017-029", "VZA-2017-036", "VZA-2017-037", "VZA-2017-038", "VZA-2017-042", "VZA-2017-097", "VZA-2017-098"]}, {"type": "zdi", "idList": ["ZDI-17-240"]}, {"type": "zdt", "idList": ["1337DAY-ID-27133", "1337DAY-ID-27134"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2013-7446", "epss": 0.00046, "percentile": 0.14023, "modified": "2023-05-06"}, {"cve": "CVE-2015-1420", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2015-4700", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2015-5257", "epss": 0.00241, "percentile": 0.60564, "modified": "2023-05-06"}, {"cve": "CVE-2015-5707", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2015-6252", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2015-6937", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2016-10088", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2016-10142", "epss": 0.0065, "percentile": 0.76371, "modified": "2023-05-06"}, {"cve": "CVE-2016-10229", "epss": 0.04837, "percentile": 0.91512, "modified": "2023-05-06"}, {"cve": "CVE-2016-2782", "epss": 0.00321, "percentile": 0.66168, "modified": "2023-05-06"}, {"cve": "CVE-2016-3140", "epss": 0.00337, "percentile": 0.6698, "modified": "2023-05-06"}, {"cve": "CVE-2016-3672", "epss": 0.00042, "percentile": 0.00487, "modified": "2023-05-06"}, {"cve": "CVE-2016-4482", "epss": 0.00094, "percentile": 0.38675, "modified": "2023-05-06"}, {"cve": "CVE-2016-4485", "epss": 0.00514, "percentile": 0.73232, "modified": "2023-05-06"}, {"cve": "CVE-2016-4580", "epss": 0.00811, "percentile": 0.7933, "modified": "2023-05-06"}, {"cve": "CVE-2016-7425", "epss": 0.00044, "percentile": 0.08309, "modified": "2023-05-06"}, {"cve": "CVE-2016-7910", "epss": 0.00135, "percentile": 0.47426, "modified": "2023-05-06"}, {"cve": "CVE-2016-8399", "epss": 0.00233, "percentile": 0.59895, "modified": "2023-05-06"}, {"cve": "CVE-2016-8633", "epss": 0.0524, "percentile": 0.91824, "modified": "2023-05-06"}, {"cve": "CVE-2016-8645", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-2583", "epss": 0.00181, "percentile": 0.53796, "modified": "2023-05-06"}, {"cve": "CVE-2017-2636", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-06"}, {"cve": "CVE-2017-2647", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5669", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-5986", "epss": 0.00083, "percentile": 0.33752, "modified": "2023-05-06"}, {"cve": "CVE-2017-6074", "epss": 0.00043, "percentile": 0.07492, "modified": "2023-05-06"}, {"cve": "CVE-2017-6214", "epss": 0.02496, "percentile": 0.88489, "modified": "2023-05-06"}, {"cve": "CVE-2017-6345", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7184", "epss": 0.0008, "percentile": 0.32797, "modified": "2023-05-06"}, {"cve": "CVE-2017-7187", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7895", "epss": 0.92105, "percentile": 0.98424, "modified": "2023-05-06"}], "vulnersScore": 7.6}, "_state": {"dependencies": 1701533917, "score": 1701532874, "epss": 0}, "_internal": {"score_hash": "1779cf3da0bf956227c70eabfbf5bda1"}, "pluginID": "100238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0106.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100238);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-1420\", \"CVE-2015-4700\", \"CVE-2015-5257\", \"CVE-2015-5707\", \"CVE-2015-6252\", \"CVE-2015-6937\", \"CVE-2015-9731\", \"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-10229\", \"CVE-2016-2782\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4580\", \"CVE-2016-7425\", \"CVE-2016-7910\", \"CVE-2016-8399\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2017-2583\", \"CVE-2017-2636\", \"CVE-2017-2647\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-7184\", \"CVE-2017-7187\", \"CVE-2017-7895\");\n script_bugtraq_id(72357, 75356);\n\n script_name(english:\"OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (J.\n Bruce Fields) [Orabug: 25986995] (CVE-2017-7895)\n\n - ocfs2/o2net: o2net_listen_data_ready should do nothing\n if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug:\n 25510857]\n\n - IB/CORE: sync the resouce access in fmr_pool (Wengang\n Wang) [Orabug: 23750748]\n\n - ipv6: Skip XFRM lookup if dst_entry in socket cache is\n valid (Jakub Sitnicki) [Orabug: 25534688]\n\n - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug:\n 25549845]\n\n - ksplice: add sysctls for determining Ksplice features.\n (Jamie Iles) \n\n - signal: protect SIGNAL_UNKILLABLE from unintentional\n clearing. (Jamie Iles) [Orabug: 25549845]\n\n - KVM: x86: fix emulation of 'MOV SS, null selector'\n (Paolo Bonzini) [Orabug: 25719676] (CVE-2017-2583)\n (CVE-2017-2583)\n\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo\n Ricardo Leitner) [Orabug: 25719811] (CVE-2017-5986)\n\n - tcp: avoid infinite loop in tcp_splice_read (Eric\n Dumazet) [Orabug: 25720815] (CVE-2017-6214)\n\n - USB: visor: fix null-deref at probe (Johan Hovold)\n [Orabug: 25796604] (CVE-2016-2782)\n\n - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr\n Bueso) [Orabug: 25797014] (CVE-2017-5669)\n\n - vhost: actually track log eventfd file\n (Marc-Andr&eacute Lureau) [Orabug: 25797056]\n (CVE-2015-6252)\n\n - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size\n harder (Andy Whitcroft) [Orabug: 25814664]\n (CVE-2017-7184)\n\n - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL\n replay_window (Andy Whitcroft) [Orabug: 25814664]\n (CVE-2017-7184)\n\n - KEYS: Remove key_type::match in favour of overriding\n default by match_preparse (David Howells) [Orabug:\n 25823965] (CVE-2017-2647) (CVE-2017-2647)\n\n - USB: whiteheat: fix potential null-deref at probe (Johan\n Hovold) [Orabug: 25825107] (CVE-2015-5257)\n\n - RDS: fix race condition when sending a message on\n unbound socket (Quentin Casasnovas) [Orabug: 25871048]\n (CVE-2015-6937) (CVE-2015-6937)\n\n - udf: Check path length when reading symlink (Jan Kara)\n [Orabug: 25871104] (CVE-2015-9731)\n\n - udf: Treat symlink component of type 2 as / (Jan Kara)\n [Orabug: 25871104] (CVE-2015-9731)\n\n - udp: properly support MSG_PEEK with truncated buffers\n (Eric Dumazet) [Orabug: 25874741] (CVE-2016-10229)\n\n - block: fix use-after-free in seq file (Vegard Nossum)\n [Orabug: 25877531] (CVE-2016-7910)\n\n - RHEL: complement upstream workaround for CVE-2016-10142.\n (Quentin Casasnovas) [Orabug: 25765786] (CVE-2016-10142)\n (CVE-2016-10142)\n\n - net: ping: check minimum size on ICMP header length\n (Kees Cook) [Orabug: 25766914] (CVE-2016-8399)\n\n - ipv6: stop sending PTB packets for MTU < 1280 (Hagen\n Paul Pfeifer) [Orabug: 25765786] (CVE-2016-10142)\n\n - sg_write/bsg_write is not fit to be called under\n KERNEL_DS (Al Viro) [Orabug: 25765448] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter\n chang) [Orabug: 25752011] (CVE-2017-7187)\n\n - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander\n Popov) [Orabug: 25696689] (CVE-2017-2636)\n\n - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby)\n [Orabug: 25696689] (CVE-2017-2636)\n\n - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc\n (Fabian Frederick) [Orabug: 25696689] (CVE-2017-2636)\n\n - list: introduce list_first_entry_or_null (Jiri Pirko)\n [Orabug: 25696689] (CVE-2017-2636)\n\n - firewire: net: guard against rx buffer overflows (Stefan\n Richter) [Orabug: 25451538] (CVE-2016-8633)\n\n - x86/mm/32: Enable full randomization on i386 and X86_32\n (Hector Marco-Gisbert) [Orabug: 25463929]\n (CVE-2016-3672)\n\n - x86 get_unmapped_area: Access mmap_legacy_base through\n mm_struct member (Radu Caragea) [Orabug: 25463929]\n (CVE-2016-3672)\n\n - sg_start_req: make sure that there's not too many\n elements in iovec (Al Viro) [Orabug: 25490377]\n (CVE-2015-5707)\n\n - tcp: take care of truncations done by sk_filter (Eric\n Dumazet) [Orabug: 25507232] (CVE-2016-8645)\n\n - rose: limit sk_filter trim to payload (Willem de Bruijn)\n [Orabug: 25507232] (CVE-2016-8645)\n\n - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer\n (Dan Carpenter) [Orabug: 25507330] (CVE-2016-7425)\n\n - x86: bpf_jit: fix compilation of large bpf programs\n (Alexei Starovoitov) [Orabug: 25507375] (CVE-2015-4700)\n\n - net: fix a kernel infoleak in x25 module (Kangjie Lu)\n [Orabug: 25512417] (CVE-2016-4580)\n\n - USB: digi_acceleport: do sanity checking for the number\n of ports (Oliver Neukum) [Orabug: 25512472]\n (CVE-2016-3140)\n\n - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet)\n [Orabug: 25682437] (CVE-2017-6345)\n\n - dccp: fix freeing skb too early for IPV6_RECVPKTINFO\n (Andrey Konovalov) [Orabug: 25598277] (CVE-2017-6074)\n\n - vfs: read file_handle only once in handle_to_path (Sasha\n Levin) [Orabug: 25388709] (CVE-2015-1420)\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417807]\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462763] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811]\n (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg\n (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue\n (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000728.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-2.6.39-400.295.2.el5uek\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-firmware-2.6.39-400.295.2.el5uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "naslFamily": "OracleVM Local Security Checks", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.2"], "solution": "Update the affected kernel-uek / kernel-uek-firmware packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2017-05-16T00:00:00", "vulnerabilityPublicationDate": "2015-03-16T00:00:00", "exploitableWith": ["Core Impact"]}

{"oraclelinux": [{"lastseen": "2021-07-28T14:24:58", "description": "[2.6.39-400.295.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895}\n[2.6.39-400.295.1]\n- ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] {CVE-2017-2583} {CVE-2017-2583}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720815] {CVE-2017-6214}\n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797056] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257}\n- RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910}\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074}\n- vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] \n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2015-4700", "CVE-2015-5257", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-9731", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-10229", "CVE-2016-2782", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"], "modified": "2017-05-16T00:00:00", "id": "ELSA-2017-3567", "href": "http://linux.oracle.com/errata/ELSA-2017-3567.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:50", "description": "[2.6.39-400.294.6]\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n[2.6.39-400.294.5]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n[2.6.39-400.294.4]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-03-31T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4700", "CVE-2015-5707", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2017-2636", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2017-03-31T00:00:00", "id": "ELSA-2017-3535", "href": "http://linux.oracle.com/errata/ELSA-2017-3535.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:46", "description": "kernel-uek\n[3.8.13-118.18.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895}\n[3.8.13-118.18.1]\n- fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] \n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549809] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549809] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809] \n- VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug: 25559937] \n- VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720813] {CVE-2017-6214}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083] \n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797052] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5257", "CVE-2015-6252", "CVE-2015-9731", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-10208", "CVE-2016-10229", "CVE-2016-2782", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-9644", "CVE-2017-2583", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"], "modified": "2017-05-16T00:00:00", "id": "ELSA-2017-3566", "href": "http://linux.oracle.com/errata/ELSA-2017-3566.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:59", "description": "kernel-uek\n[3.8.13-118.17.4]\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n[3.8.13-118.17.3]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n[3.8.13-118.17.2]\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}\n[3.8.13-118.17.1]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696686] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696686] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696686] {CVE-2017-2636}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 21305080] {CVE-2015-4700}\n- net: filter: return -EINVAL if BPF_S_ANC* operation is not supported (Daniel Borkmann) [Orabug: 22187148] \n- KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) \n- KEYS: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) \n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451530] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463927] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463927] {CVE-2016-3672}\n- pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (WANG Cong) [Orabug: 25490335] {CVE-2015-8569}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490372] {CVE-2015-5707}\n- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507195] {CVE-2016-9588}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507230] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507230] {CVE-2016-8645}\n- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507281] {CVE-2016-9178}\n- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507328] {CVE-2016-7425}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507328] {CVE-2016-7425}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512413] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512471] {CVE-2016-3140}\n- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25543892] {CVE-2017-5970}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682430] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646}\n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-03-31T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7446", "CVE-2015-4700", "CVE-2015-5707", "CVE-2015-8569", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-9178", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-5970", "CVE-2017-6074", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2017-03-31T00:00:00", "id": "ELSA-2017-3534", "href": "http://linux.oracle.com/errata/ELSA-2017-3534.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:34", "description": "[2.6.39-400.294.2]\n- vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] \n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2017-02-09T00:00:00", "id": "ELSA-2017-3516", "href": "http://linux.oracle.com/errata/ELSA-2017-3516.html", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2021-07-30T06:24:40", "description": "kernel-uek\n[4.1.12-61.1.34]\n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719659] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: reserve code points for the project quota feature (Theodore Ts'o) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719793] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720805] {CVE-2017-6214}\n- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25720839] {CVE-2017-6347}\n- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25720839] {CVE-2017-6347}\n- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839] {CVE-2017-6347}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877509] {CVE-2016-7910}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-13T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-2583", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6347", "CVE-2017-7184"], "modified": "2017-04-13T00:00:00", "id": "ELSA-2017-3539", "href": "http://linux.oracle.com/errata/ELSA-2017-3539.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:54", "description": "kernel-uek\n[3.8.13-118.16.3]\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646}\n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7446", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2017-02-09T00:00:00", "id": "ELSA-2017-3515", "href": "http://linux.oracle.com/errata/ELSA-2017-3515.html", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2021-07-28T14:24:45", "description": "[2.6.39-400.294.7]\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-13T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10229", "CVE-2016-7910"], "modified": "2017-04-13T00:00:00", "id": "ELSA-2017-3538", "href": "http://linux.oracle.com/errata/ELSA-2017-3538.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:55", "description": "kernel-uek\n[4.1.12-94.3.4]\n- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 26075879] \n- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830]\n[4.1.12-94.3.3]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] {CVE-2017-7895}\n[4.1.12-94.3.2]\n- sparc64: Detect DAX ra+pgsz when hvapi minor doesn't indicate it (Rob Gardner) [Orabug: 25997533] \n- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25997533] [Orabug: 25931417] \n- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226] \n- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137] \n- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] \n- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] \n- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790] \n- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747] \n- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25996655] \n- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628] \n- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546] \n- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522] \n- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475] \n- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] \n- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799]\n[4.1.12-94.3.1]\n- Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25968572] \n- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25946533] \n- NVMe: Set affinity after allocating request queues (Keith Busch) [Orabug: 25945973] \n- nvme: use an integer value to Linux errno values (Christoph Hellwig) [Orabug: 25945973] \n- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25945973] \n- x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] \n- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 24819170] \n- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 24819170] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25525433] \n- Btrfs: don't BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25534945] \n- Btrfs: clarify do_chunk_alloc()'s return value (Liu Bo) [Orabug: 25534945] \n- btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25534945] \n- Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25721518] \n- qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 25862953] \n- Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25866691] \n- Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25866691] \n- Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25866691] \n- Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25866691] \n- Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25866691] \n- Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) \n- Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25866691] \n- xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] \n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876652] {CVE-2016-10229}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10229", "CVE-2017-7895"], "modified": "2017-05-16T00:00:00", "id": "ELSA-2017-3565", "href": "http://linux.oracle.com/errata/ELSA-2017-3565.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:52", "description": "kernel-uek\n[4.1.12-61.1.33]\n- Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.32]\n- x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.31]\n- rebuild bumping release\n[4.1.12-61.1.30]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187}\n[4.1.12-61.1.29]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636}\n- If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783] \n- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783] \n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633}\n- usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}\n- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596}\n- crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147}\n- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}\n- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645}\n- tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632}\n- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178}\n- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425}\n- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345}\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847] \n- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970}\n- perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}\n- ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897}\n- mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035] \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-31T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8952", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9178", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9756", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2017-03-31T00:00:00", "id": "ELSA-2017-3533", "href": "http://linux.oracle.com/errata/ELSA-2017-3533.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:28", "description": "[2.6.32-696.1.1]\n- [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910}\n- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749]\n- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1428106 1360930]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429917 1429918] {CVE-2017-2636}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-11T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2017-04-11T00:00:00", "id": "ELSA-2017-0892", "href": "http://linux.oracle.com/errata/ELSA-2017-0892.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:47", "description": "kernel-uek\n[4.1.12-103.3.8]\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365}\n[4.1.12-103.3.7]\n- i40e/i40evf: check for stopped admin queue (Mitch Williams) [Orabug: 26654222]\n[4.1.12-103.3.6]\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645497]\n[4.1.12-103.3.5]\n- dentry name snapshots (Al Viro) [Orabug: 26630805] {CVE-2017-7533}\n[4.1.12-103.3.4]\n- mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585933] {CVE-2016-6213} {CVE-2016-6213}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578179] {CVE-2017-9242}\n- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585981] {CVE-2016-9604} {CVE-2016-9604}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586030] {CVE-2016-10200}\n- ovl: move super block magic number to magic.h (Stephen Hemminger) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: use a minimal buffer in ovl_copy_xattr (Vito Caputo) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: allow zero size xattr (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- ovl: default permissions (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}\n- scsi: megaraid_sas: handle dma_addr_t right on 32-bit (Arnd Bergmann) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME fast path io support (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME interface target prop added (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: NVME Interface detection and prop settings (Shivasharan S) [Orabug: 26560952] \n- scsi: megaraid_sas: Use synchronize_irq to wait for IRQs to complete (Shivasharan S) [Orabug: 26560952] \n- fs/fuse: fuse mount can cause panic with no memory numa node (Somasundaram Krishnasamy) [Orabug: 26151828] \n- Fix regression which breaks DFS mounting (Sachin Prabhu) [Orabug: 26335022] \n- ol7/spec: sync up linux-firmware version for ol74 (Ethan Zhao) [Orabug: 26567308] [Orabug: 26567283] \n- nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572867] {CVE-2017-8797}\n- nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572867] {CVE-2017-8797}\n- ol6/spec: sync up linux-firmware version for ol6 (Ethan Zhao) [Orabug: 26586911] [Orabug: 26586927]\n[4.1.12-103.3.2]\n- rds: tcp: cancel all worker threads before shutting down socket (Yuval Shaia) [Orabug: 26332905] \n- Revert 'ixgbevf: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- Revert 'ixgbe: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] \n- xen: do not re-use pirq number cached in pci device msi msg data (Boris Ostrovsky) [Orabug: 26324865] \n- xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26520653] \n- ocfs2: fix deadlock caused by recursive locking in xattr (Eric Ren) [Orabug: 26554428] \n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26554428] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26554428] \n- Revert 'add OCFS2_LOCK_RECURSIVE arg_flags to ocfs2_cluster_lock() to prevent hang' (Ashish Samant) [Orabug: 26554428] \n- MacSec: fix backporting error in patches for CVE-2017-7477 (Alexey Kodanev) [Orabug: 26481629] [Orabug: 26368162] {CVE-2017-7477} {CVE-2017-7477}\n- sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26492439] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540266] {CVE-2017-2671}\n- PCI: Workaround wrong flags completions for IDT switch (James Puthukattukaran) [Orabug: 26362330] \n- xen-blkback: stop blkback thread of every queue in xen_blkif_disconnect (Annie Li)\n[4.1.12-103.3.1]\n- MSI: Dont assign MSI IRQ vector twice (Ashok Vairavan) [Orabug: 25982356] \n- IB/core: Remove stray semicolon in cma_init (Yuval Shaia) [Orabug: 26188883] \n- ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}\n- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403963] {CVE-2017-9074}\n- scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26473220] \n- mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26473220] \n- blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26486215] \n- blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26486215] \n- nvme: Complete all stuck requests (Keith Busch) [Orabug: 26486215] \n- nvme: Dont suspend admin queue that wasnt created (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26486215] \n- nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26486215] \n- nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26486215] \n- Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26497331] \n- net/sock: add WARN_ON(parent->sk) in sock_graft() (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: use sock_create_lite() to create the accept socket (Sowmini Varadhan) [Orabug: 26243229] \n- rds: tcp: set linger to 1 when unloading a rds-tcp (Sowmini Varadhan) [Orabug: 26236194] \n- rds: tcp: send handshake ping-probe from passive endpoint (Sowmini Varadhan) [Orabug: 26236194] \n- Revert 'SUNRPC: Refactor svc_set_num_threads()' (Dhaval Giani) [Orabug: 26450033] \n- Revert 'NFSv4: Fix callback server shutdown' (Dhaval Giani) [Orabug: 26450033] \n- mm: fix use-after-free if memory allocation failed in vma_adjust() (Kirill A. Shutemov) [Orabug: 25647067] \n- scsi: smartpqi: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 26191021] \n- scsi: smartpqi: bump driver version (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove writeq/readq function definitions (Corentin Labbe) [Orabug: 26191021] \n- scsi: smartpqi: add module parameters (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup list initialization (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add raid level show (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: make ioaccel references consistent (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance device add and remove messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update timeout on admin commands (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: map more raid errors to SCSI errors (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup controller branding (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update rescan worker (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update device offline (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct aio error path (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add lockup action (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: remove qdepth calculations for logical volumes (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance kdump (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: change return value for LUN reset operations (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add ptraid support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: update copyright (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: cleanup messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add new PCI device IDs (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: minor driver cleanup (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct BMIC identify physical drive (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: eliminate redundant error messages (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add pqi_wait_for_completion_io (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct bdma hw bug (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add heartbeat check (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add suspend and resume support (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: enhance resets (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add supporting events (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: ensure controller is in SIS mode at init (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: add in controller checkpoint for controller lockups. (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: set pci completion timeout (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: correct remove scsi devices (Kevin Barnett) [Orabug: 26191021] \n- scsi: smartpqi: fix time handling (Arnd Bergmann) [Orabug: 26191021] \n- Btrfs: fix extent_same allowing destination offset beyond i_size (Filipe Manana) [Orabug: 26376770] \n- NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26402457] \n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}\n- xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452559] \n- xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452559] \n- sparc64: Convert non-fatal error print to a debug print (DAX driver) (Sanath Kumar) [Orabug: 26476370] \n- selftests: sparc64: memory: Add tests for privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- memory: sparc64: Add privileged ADI driver (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Export the adi_state structure (Tom Hromatka) [Orabug: 26359060] \n- sparc64: Use cpu_poke to resume idle cpu (Vijay Kumar) [Orabug: 26399224] \n- sparc64: Add a new hypercall CPU_POKE (Vijay Kumar) [Orabug: 26399224] \n- cpuset: consider dying css as offline (Tejun Heo) [Orabug: 26475766] \n- sparc64: Treat ERESTARTSYS as an acceptable error (DAX driver) (Sanath Kumar) [Orabug: 26475734] \n- sparc64: fix out of order spin_lock_irqsave and spin_unlock_restore (Thomas Tai) [Orabug: 26430325] \n- SPARC64: vcc: delay device removal until close() (Aaron Young) [Orabug: 26315957] \n- bnxt_en: Fix SRIOV on big-endian architecture. (Michael Chan) [Orabug: 26443303] \n- arch/sparc: Enable queued spinlock support for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce xchg16 for SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Enable queued rwlocks for SPARC (Allen Pais) [Orabug: 26373790] \n- arch/sparc: Introduce cmpxchg_u8 SPARC (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Define config parameter CPU_BIG_ENDIAN (Allen Pais) [Orabug: 26373790] \n- kernel/locking: Fix compile error with qrwlock.c (Babu Moger) [Orabug: 26373790] \n- arch/sparc: Remove the check #ifndef __LINUX_SPINLOCK_TYPES_H (Babu Moger) [Orabug: 26373790] \n- locking/qrwlock: Fix write unlock bug on big endian systems (pan xinhui) [Orabug: 26373790] \n- locking/qrwlock: Implement queue_write_unlock() using smp_store_release() (Will Deacon) [Orabug: 26373790] \n- locking/qspinlock: Avoid redundant read of next pointer (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Prefetch the next node cacheline (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Reduce reader/writer to reader lock transfer latency (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Better optimization for interrupt context readers (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename functions to queued_*() (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Dont contend with readers when setting _QW_WAITING (Waiman Long) [Orabug: 26373790] \n- locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS (Babu Moger) [Orabug: 26373790] \n- locking/qspinlock: Use a simple write to grab the lock (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Optimize for smaller NR_CPUS (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Extract out code snippets for the next patch (Waiman Long) [Orabug: 26373790] \n- locking/qspinlock: Add pending bit (Peter Zijlstra (Intel)) [Orabug: 26373790] \n- locking/qspinlock: Introduce a simple generic 4-byte queued spinlock (Waiman Long) [Orabug: 26373790] \n- qede: Add support for ingress headroom (Mintz, Yuval) [Orabug: 25933053] \n- qede: Update receive statistic once per NAPI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make OOO archipelagos into an array (Michal Kalderon) [Orabug: 25933053] \n- qed: Provide iSCSI statistics to management (Mintz, Yuval) [Orabug: 25933053] \n- qed: Inform qedi the number of possible CQs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Add missing stat for new isles (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont close the OUT_EN during init (Mintz, Yuval) [Orabug: 25933053] \n- qed: Configure cacheline size in HW (Tomer Tayar) [Orabug: 25933053] \n- qed: Dont use main-ptt in unrelated flows (Rahul Verma) [Orabug: 25933053] \n- qed: Warn PTT usage by wrong hw-function (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct MSI-x for storage (Mintz, Yuval) [Orabug: 25933053] \n- qed: fix missing break in OOO_LB_TC case (Colin Ian King) [Orabug: 25933053] \n- qed: Add a missing error code (Dan Carpenter) [Orabug: 25933053] \n- qed: RoCE doesnt need to use SRC (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct TM ILT lines in presence of VFs (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix TM block ILT allocation (Michal Kalderon) [Orabug: 25933053] \n- qed: Revise QM cofiguration (Ariel Elior) [Orabug: 25933053] \n- qed: Use BDQ resource for storage protocols (Mintz, Yuval) [Orabug: 25933053] \n- qed: Utilize resource-lock based scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: Support management-based resource locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Send pf-flr as part of initialization (Mintz, Yuval) [Orabug: 25933053] \n- qed: Move to new load request scheme (Tomer Tayar) [Orabug: 25933053] \n- qed: hw_init() to receive parameter-struct (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct HW stop flow (Tomer Tayar) [Orabug: 25933053] \n- qed: Reserve VF feature before PF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Dont waste SBs unused by RoCE (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct endian order of MAC passed to MFW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Pass src/dst sizes when interacting with MFW (Tomer Tayar) [Orabug: 25933053] \n- qed: Revise MFW command locking (Tomer Tayar) [Orabug: 25933053] \n- qed: Always publish VF link from leading hwfn (Mintz, Yuval) [Orabug: 25933053] \n- qed: Raise verbosity of Malicious VF indications (Mintz, Yuval) [Orabug: 25933053] \n- qed: Make qed_iov_mark_vf_flr() return bool (Mintz, Yuval) [Orabug: 25933053] \n- qed: Deprecate VF multiple queue-stop (Mintz, Yuval) [Orabug: 25933053] \n- qed: Uniform IOV queue validation (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct default VF coalescing configuration (Mintz, Yuval) [Orabug: 25933053] \n- qed: Set HW-channel to ready before ACKing VF (Mintz, Yuval) [Orabug: 25933053] \n- qed: Clean VF malicious indication when disabling IOV (Mintz, Yuval) [Orabug: 25933053] \n- qed: Increase verbosity of VF -> PF errors (Mintz, Yuval) [Orabug: 25933053] \n- qed*: Add support for QL41xxx adapters (Mintz, Yuval) [Orabug: 25933053] \n- qed: Enable iSCSI Out-of-Order (Mintz, Yuval) [Orabug: 25933053] \n- qed: Correct out-of-bound access in OOO history (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix interrupt flags on Rx LL2 (Ram Amrani) [Orabug: 25933053] \n- qed: Free previous connections when releasing iSCSI (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix mapping leak on LL2 rx flow (Mintz, Yuval) [Orabug: 25933053] \n- qed: Prevent creation of too-big u32-chains (Tomer Tayar) [Orabug: 25933053] \n- qed: Align CIDs according to DORQ requirement (Ram Amrani) [Orabug: 25933053] \n- qed*: Utilize Firmware 8.15.3.0 (Mintz, Yuval) [Orabug: 25933053] \n- qedi: Add PCI device-ID for QL41xxx adapters. (Manish Rangankar) [Orabug: 25933053] \n- qed: Fix copy of uninitialized memory (robert.foss@collabora.com) [Orabug: 25933053] \n- qed: Dont use attention PTT for configuring BW (Mintz, Yuval) [Orabug: 25933053] \n- qed: Fix race with multiple VFs (Mintz, Yuval) [Orabug: 25933053] \n- qede: Add driver support for PTP (Sudarsana Reddy Kalluru) [Orabug: 25933053] \n- qede: Remove unnecessary datapath dereference (Mintz, Yuval) [Orabug: 25933053] \n- qede - mark SKB as encapsulated (Manish Chopra) [Orabug: 25933053] \n- qede: Postpone reallocation until NAPI end (Mintz, Yuval) [Orabug: 25933053] \n- qede: Split filtering logic to its own file (Mintz, Yuval) [Orabug: 25933053] \n- qede: Break datapath logic into its own file (Mintz, Yuval) [Orabug: 25933053] \n- SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26276067] \n- btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362455] \n- btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362455] \n- btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] \n- btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362455] \n- btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362455] \n- Revert 'mm: meminit: only set page reserved in the memblock region' (Dhaval Giani) [Orabug: 25879295] \n- Revert 'mm: meminit: move page initialization into a separate function' (Dhaval Giani) [Orabug: 25879295] \n- net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26402662] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403936] {CVE-2017-1000363}\n- drm/mgag200: Fix to always set HiPri for G200e4 V2 (Mathieu Larouche) [Orabug: 26408731] \n- dtrace: FBT module support and SPARCs return probes (Tomas Jedlicka) [Orabug: 26414392] [Orabug: 26414402] \n- bnx2x: Dont post statistics to malicious VFs (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: Allow vfs to disable txvlan offload (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: fix pf2vf bulletin DMA mapping leak (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: Fix Multi-Cos (Mintz, Yuval) [Orabug: 26308277] \n- bnx2x: add missing configuration of VF VLAN filters (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix incorrect filter count in an error message (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: do not rollback VF MAC/VLAN filters we did not configure (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix detection of VLAN filtering feature for VF (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: fix possible overrun of VFPF multicast addresses array (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: lower verbosity of VF stats debug messages (Michal Schmidt) [Orabug: 26308277] \n- bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [Orabug: 26308277] \n- NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26403998] {CVE-2017-9077}\n- lpfc update for uek4 11.4.0.2 (rkennedy) [Orabug: 26283182] \n- lpfc: Driver responds LS_RJT to Beacon Off (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after firmware flash when (James Smart) [Orabug: 26283182] \n- lpfc: Vport creation is failing with Link (James Smart) [Orabug: 26283182] \n- lpfc: Null pointer dereference when (James Smart) [Orabug: 26283182] \n- lpfc: Fix return value of board_mode store (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix Port going offline after (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix spelling mistake 'entrys' (Colin Ian King) [Orabug: 26283182] \n- scsi: lpfc: Add MDS Diagnostic support. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix used-RPI accounting problem. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix panic on BFS configuration (James Smart) [Orabug: 26283182] \n- lpfc: Fix Express lane queue creation. (James Smart) [Orabug: 26283182] \n- lpfc: Fix driver usage of 128B WQEs when WQ_CREATE is (James Smart) [Orabug: 26283182] \n- lpfc: Add Fabric assigned WWN support. (James Smart) [Orabug: 26283182] \n- lpfc: Fix crash after issuing lip reset (James Smart) [Orabug: 26283182] \n- lpfc: Remove NULL ptr check before kfree. (James Smart) [Orabug: 26283182] \n- lpfc: Fix spelling in comments. (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix PT2PT PRLI reject (James Smart) [Orabug: 26283182] \n- scsi: lpfc: correct rdp diag portnames (James Smart) [Orabug: 26283182] \n- scsi: lpfc: Fix eh_deadline setting for sli3 adapters. (rkennedy) [Orabug: 26283182] \n- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (James Smart) [Orabug: 26283182] \n- scsi: lpfc: fix missing spin_unlock on sql_list_lock (Colin Ian King) [Orabug: 26283182] \n- Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26402281] \n- blk-mq: dont redistribute hardware queues on a CPU hotplug event (Christoph Hellwig) [Orabug: 26039539] \n- RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351421] \n- xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26351649] \n- be2net: Update the driver version to 11.4.0.0 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix UE detection logic for BE3 (Suresh Reddy) [Orabug: 26403544] \n- be2net: Fix offload features for Q-in-Q packets (Vlad Yasevich) [Orabug: 26403544] \n- benet: Use time_before_eq for time comparison (Karim Eshapa) [Orabug: 26403544] \n- be2net: Fix endian issue in logical link config command (Suresh Reddy) [Orabug: 26403544] \n- be2net: fix initial MAC setting (Ivan Vecera) [Orabug: 26403544] \n- drivers: net: generalize napi_complete_done() (Eric Dumazet) [Orabug: 26403544] \n- be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix unicast list filling (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix accesses to unicast list (Ivan Vecera) [Orabug: 26403544] \n- be2net: fix non static symbol warnings (Wei Yongjun) [Orabug: 26403544] \n- be2net: Avoid redundant addition of mac address in HW (Suresh Reddy) [Orabug: 26403544] \n- be2net: Support UE recovery in BEx/Skyhawk adapters (Sriharsha Basavapatna) [Orabug: 26403544] \n- be2net: replace polling with sleeping in the FW completion path (Sathya Perla) [Orabug: 26403544] \n- be2net: support asymmetric rx/tx queue counts (Sathya Perla) [Orabug: 26403544] \n- net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26409533] \n- net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26415107] \n- dtrace: Add support for manual triggered cyclics (Tomas Jedlicka) [Orabug: 26384803] \n- dtrace: LOW level cyclics should use workqueues (Tomas Jedlicka) [Orabug: 26384779] \n- sparc64: add DAX2 support to dax driver (Allen Pais) [Orabug: 26317606] \n- uek-rpm: change memory allocator from slab to slub (Allen Pais) \n- arch/sparc: Avoid DCTI Couples (Allen Pais) [Orabug: 26413522] \n- drivers/usb: Skip auto handoff for TI and RENESAS usb controllers (Babu Moger) [Orabug: 26389756] \n- sparc-config: Enable timestamp in dmesg output. (Atish Patra) [Orabug: 26389709] \n- sparc64: rtrap must set PSTATE.mcde before handling outstanding user work (Anthony Yznaga) [Orabug: 26388591] \n- i40e: Correct the macros for setting the DMA attributes (Jack Vogel) [Orabug: 26386323] \n- sparc64: Exclude perf user callchain during critical sections (Dave Aldridge) [Orabug: 26386213] \n- sunvnet: restrict advertized checksum offloads to just IP (Shannon Nelson) [Orabug: 26338709] \n- sparc64: add ccb kill and info to DAX driver (Jonathan Helman) [Orabug: 26317602] \n- i40e: fix annoying message (Jesse Brandeburg) [Orabug: 26420290] \n- watchdog: Move hardlockup detector to separate file (Allen Pais) [Orabug: 26420310] \n- watchdog: Move shared definitions to nmi.h (Allen Pais) [Orabug: 26420310] \n- sparc64: Suppress kmalloc (DAX driver) warning due to allocation failure (Sanath Kumar) [Orabug: 26338830] \n- i40evf: Use le32_to_cpu before evaluating HW desc fields. (Tushar Dave) [Orabug: 26420345] \n- sparc64: revert pause instruction patch for atomic backoff and cpu_relax() (Babu Moger) [Orabug: 26309070] \n- SPARC64: Correct ATU IOTSB binding flow (Tushar Dave) [Orabug: 26419957] \n- SPARC64: Introduce IOMMU BYPASS method (Tushar Dave) [Orabug: 26420209] \n- i40e: Revert i40e temporary workaround (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable 64-bit DMA (Tushar Dave) [Orabug: 21149316] \n- sparc64: Enable sun4v dma ops to use IOMMU v2 APIs (Allen Pais) [Orabug: 21149316] \n- sparc64: Bind PCIe devices to use IOMMU v2 service (Allen Pais) [Orabug: 21149316] \n- sparc64: Initialize iommu_map_table and iommu_pool (Tushar Dave) [Orabug: 21149316] \n- sparc64: Add ATU (new IOMMU) support (Allen Pais) [Orabug: 21149316] \n- sparc64: Make FORCE_MAX_ZONEORDER to 13 for ATU (Allen Pais) [Orabug: 21149316] \n- Revert 'sparc64: bypass iommu to use 64bit address space' (Allen Pais) [Orabug: 21149316] \n- [PATCH] RDS: When RDS socket is closed, print unreleased MRs (Rama Nichanamatlu) [Orabug: 26261993] \n- IB/IPoIB: ibX: failed to create mcg debug file (Shamir Rabinovitch) [Orabug: 24711873] [Orabug: 25175533] \n- scsi: qedi: Fix memory leak in tmf response processing. (Dupuis, Chad) [Orabug: 25667174] \n- scsi: qedi: fix build error without DEBUG_FS (Arnd Bergmann) [Orabug: 25667174] \n- scsi: qedi: fix missing return error code check on call to qedi_setup_int (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn() (Wei Yongjun) [Orabug: 25667174] \n- scsi: qedi: return via va_end to match corresponding va_start (Colin Ian King) [Orabug: 25667174] \n- scsi: qedi: fix build, depends on UIO (Randy Dunlap) [Orabug: 25667174] \n- scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. (Manish Rangankar) [Orabug: 25667174] \n- dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26107472] {CVE-2017-8890}\n- Initialize fiblink list head during fib initialization (Dave Carroll) [Orabug: 26291272] \n- aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291272] \n- IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26409722] \n- bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] \n- bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] \n- bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] \n- bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] \n- bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] \n- bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] \n- IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 25908234] \n- bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397428] \n- i40e: remove FDIR_REQUIRES_REINIT driver flag (Jacob Keller) [Orabug: 26403617] \n- i40e: remove a useless goto statement (Jacob Keller) [Orabug: 26403617] \n- i40e: Check for new arq elements before leaving the adminq subtask loop (Christopher N Bednarz) [Orabug: 26403617] \n- i40e: use register for XL722 control register read/write (Paul M Stillwell Jr) [Orabug: 26403617] \n- i40e: Clean up handling of private flags (Alexander Duyck) [Orabug: 26403617] \n- i40evf: enforce descriptor write-back mechanism for VF (Preethi Banala) [Orabug: 26403617] \n- i40e: initialize params before notifying of l2_param_changes (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: Clean-up process_skb_fields (Alexander Duyck) [Orabug: 26403617] \n- i40e: removed no longer needed delays (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Fixed race conditions in VF reset (Robert Konklewski) [Orabug: 26403617] \n- i40e/i40evf: Fix use after free in Rx cleanup path (Alexander Duyck) [Orabug: 26403617] \n- i40e: fix configuration of RSS table with DCB (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: Do not enable NAPI on q_vectors that have no rings (Alexander Duyck) [Orabug: 26403617] \n- i40e: make use of hlist_for_each_entry_continue (Jacob Keller) [Orabug: 26403617] \n- i40e: document drivers use of ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: add support for SCTPv4 FDir filters (Jacob Keller) [Orabug: 26403617] \n- i40e: implement support for flexible word payload (Jacob Keller) [Orabug: 26403617] \n- i40e: add parsing of flexible filter fields from userdef (Jacob Keller) [Orabug: 26403617] \n- i40e: partition the ring_cookie to get VF index (Jacob Keller) [Orabug: 26403617] \n- i40e: allow changing input set for ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: restore default input set for each flow type (Jacob Keller) [Orabug: 26403617] \n- i40e: check current configured input set when adding ntuple filters (Jacob Keller) [Orabug: 26403617] \n- i40e: correctly honor the mask fields for ETHTOOL_SRXCLSRLINS (Jacob Keller) [Orabug: 26403617] \n- i40e: always remove old filter when adding new FDir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: explicitly fail on extended MAC field for ethtool_rx_flow_spec (Jacob Keller) [Orabug: 26403617] \n- i40e: add counters for UDP/IPv4 and IPv4 filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont re-enable ATR when flushing filters if SB has TCP4/IPv4 rules (Jacob Keller) [Orabug: 26403617] \n- i40e: reset fd_tcp_rule count when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: remove redundant check for fd_tcp_rule when restoring filters (Jacob Keller) [Orabug: 26403617] \n- i40e: exit ATR mode only when adding TCP/IPv4 filter succeeds (Jacob Keller) [Orabug: 26403617] \n- i40e: return immediately when failing to add fdir filter (Jacob Keller) [Orabug: 26403617] \n- i40e: rework exit flow of i40e_add_fdir_ethtool (Jacob Keller) [Orabug: 26403617] \n- i40e: dont use arrays for (src|dst)_ip (Jacob Keller) [Orabug: 26403617] \n- i40e: send correct port number to AdminQ when enabling UDP tunnels (Jacob Keller) [Orabug: 26403617] \n- i40e: rename auto_disable_flags to hw_disabled_flags (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e/i40evf: Change version from 1.6.27 to 2.1.7 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: Allow untrusted VFs to have more filters (Mitch Williams) [Orabug: 26403617] \n- i40e: Clarify steps in MAC/VLAN filters initialization routine (Filip Sadowski) [Orabug: 26403617] \n- i40e: fix RSS queues only operating on PF0 (Lihong Yang) [Orabug: 26403617] \n- i40e: fix ethtool to get EEPROM data from X722 interface (Lihong Yang) [Orabug: 26403617] \n- i40e: dont add more vectors to num_lan_msix than number of CPUs (Jacob Keller) [Orabug: 26403617] \n- i40e: KISS the client interface (Mitch Williams) [Orabug: 26403617] \n- i40e: fix up recent proxy and wol bits for X722_SUPPORT (Shannon Nelson) [Orabug: 26403617] \n- i40e: Acquire NVM lock before reads on all devices (Aaron Salter) [Orabug: 26403617] \n- scripts/spelling.txt: add 'varible' pattern and fix typo instances (Masahiro Yamada) [Orabug: 26403617] \n- i40e: Invoke softirqs after napi_reschedule (Benjamin Poirier) [Orabug: 26403617] \n- i40e: remove duplicate device id from PCI table (Carolyn Wyborny) [Orabug: 26403617] \n- i40e: mark the value passed to csum_replace_by_diff as __wsum (Jacob Keller) [Orabug: 26403617] \n- i40e: Error handling for link event (Harshitha Ramamurthy) [Orabug: 26403617] \n- i40e: properly convert le16 value to CPU format (Jacob Keller) [Orabug: 26403617] \n- i40e: convert to cpu from le16 to generate switch_id correctly (Jacob Keller) [Orabug: 26403617] \n- i40e: refactor AQ CMD buffer debug printing (Alan Brady) [Orabug: 26403617] \n- i40e: Fix Adaptive ITR enabling (Carolyn Wyborny) [Orabug: 26403617] \n- i40evf: add comment (Mitch Williams) [Orabug: 26403617] \n- i40evf: free rings in remove function (Mitch Williams) [Orabug: 26403617] \n- i40e: remove unnecessary call to i40e_update_link_info (Jacob Keller) [Orabug: 26403617] \n- i40e: enable mc magic pkt wakeup during power down (Joshua Hay) [Orabug: 26403617] \n- i40e: fix disable overflow promiscuous mode (Alan Brady) [Orabug: 26403617] \n- i40e: Save more link abilities when using ethtool (Henry Tieman) [Orabug: 26403617] \n- i40e: avoid race condition when sending filters to firmware for addition (Jacob Keller) [Orabug: 26403617] \n- i40e: allow i40e_update_filter_state to skip broadcast filters (Jacob Keller) [Orabug: 26403617] \n- i40e: dont warn every time we clear an Rx timestamp register (Jacob Keller) [Orabug: 26403617] \n- i40e: Save link FEC info from link up event (Henry Tieman) [Orabug: 26403617] \n- i40e: Add bus number info to i40e_bus_info struct (Sudheer Mogilappagari) [Orabug: 26403617] \n- i40e: Clean up dead code (Mitch Williams) [Orabug: 26403617] \n- i40e/i40evf : Changed version from 1.6.25 to 1.6.27 (Bimmy Pujari) [Orabug: 26403617] \n- i40e: update comment explaining where FDIR buffers are freed (Jacob Keller) [Orabug: 26403617] \n- i40e/i40evf: eliminate i40e_pull_tail() (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Moves skb from i40e_rx_buffer to i40e_ring (Scott Peterson) [Orabug: 26403617] \n- i40e/i40evf: Limit DMA sync of RX buffers to actual packet size (Scott Peterson) [Orabug: 26403617] \n- i40evf: track outstanding client request (Mitch Williams) \n- i40e: dont check params until after checking for client instance (Jacob Keller) [Orabug: 26403617] \n- i40e: add interrupt rate limit verbosity (Alan Brady) [Orabug: 26403617] \n- i40e: refactor macro INTRL_USEC_TO_REG (Alan Brady) [Orabug: 26403617] \n- i40e: remove unused function (Mitch Williams) [Orabug: 26403617] \n- i40e: Remove FPK HyperV VF device ID (Jayaprakash Shanmugam) \n- i40e: Quick refactor to start moving data off stack and into Tx buffer info (Alexander Duyck) [Orabug: 26403617] \n- i40e: remove unnecessary __packed (Tushar Dave) [Orabug: 26403617] \n- i40evf: remove unused device ID (Mitch Williams) \n- i40e: Deprecating unused macro (Bimmy Pujari) [Orabug: 26403617] \n- i40e: when adding or removing MAC filters, correctly handle VLANs (Jacob Keller) [Orabug: 26403617] \n- i40e: avoid O(n^2) loop when deleting all filters (Jacob Keller) [Orabug: 26403617] \n- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (Jacob Keller) [Orabug: 26403617] \n- i40e: dont allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (Jacob Keller) [Orabug: 26403617] \n- i40e: Changed version from 1.6.21 to 1.6.25 (Bimmy Pujari) [Orabug: 26403617] \n- i40e/i40evf: Add support for mapping pages with DMA attributes (Alexander Duyck) [Orabug: 26396552] \n- aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26367703] \n- bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26388629] \n- dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26388629] \n- sparc64: Set valid bytes of misaligned no-fault loads (Rob Gardner) [Orabug: 26316944] \n- fs/fuse: Fix for correct number of numa nodes (Babu Moger) [Orabug: 26369428] \n- sparc64: delete old wrap code (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: new context wrap (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: add per-cpu mm of secondary contexts (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: redefine first version (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: combine activate_mm and switch_mm (Pavel Tatashin) [Orabug: 26372254] \n- sparc64: reset mm cpumask after wrap (Pavel Tatashin) [Orabug: 26372254] \n- Revert 'sparc64: Restrict number of processes' (Pavel Tatashin) [Orabug: 26372230] \n- net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350974] \n- x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26361327] \n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366002] {CVE-2017-7645}\n- sparc64: broken %tick frequency on spitfire cpus (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: use prom interface to get %stick frequency (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize functions that access tick (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: add hot-patched and inlined get_tick() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: initialize time early (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: improve modularity tick options (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: optimize loads in clock_sched() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: show time stamps from zero (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: access tick function from variable (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- sparc64: remove trailing white spaces (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] \n- block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 26372235] \n- macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}\n- sparc64: Add 16GB hugepage support (Nitin Gupta) [Orabug: 26319885] \n- xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354404] \n- xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354404] \n- xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354404] \n- xfs: dont reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354404] \n- xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354404] \n- xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354404] \n- xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354404] \n- xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354404] \n- xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354404] \n- rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: various endian-ness fixes (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: remove cp_outgoing (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Reorder initialization sequence in rds_tcp_init to avoid races (Sowmini Varadhan) [Orabug: 26235715] \n- rds: tcp: Take explicit refcounts on struct net (Sowmini Varadhan) [Orabug: 26235715] \n- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}\n- dtrace: add kprobe-unsafe addresses to FBT blacklist (Kris Van Hees) [Orabug: 26324039] \n- dtrace: convert FBT blacklist to RB-tree (Kris Van Hees) [Orabug: 26324039] \n- e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (Konstantin Khlebnikov) [Orabug: 26338952] \n- e1000e: Dont return uninitialized stats (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: fix race condition around skb_tstamp_tx() (Jacob Keller) [Orabug: 26338952] \n- e1000e: Add Support for 38.4MHZ frequency (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Add Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: Initial Support for CannonLake (Sasha Neftin) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: fix timing for 82579 Gigabit Ethernet controller (Bernd Faust) [Orabug: 26338952] \n- e1000: Omit private ndo_get_stats function (Tobias Klauser) [Orabug: 26338952] \n- Revert 'e1000e: driver trying to free already-free irq' (Jeff Kirsher) [Orabug: 26338952] \n- e1000e: driver trying to free already-free irq (khalidm) [Orabug: 26338952] \n- e1000: use disable_hardirq() for e1000_netpoll() (WANG Cong) [Orabug: 26338952] \n- e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] \n- e1000e: factor out systim sanitization (Jarod Wilson) [Orabug: 26338952] \n- e1000e: prevent division by zero if TIMINCA is zero (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: keep Rx/Tx HW_VLAN_CTAG in sync (Jarod Wilson) [Orabug: 26338952] \n- e1000e: keep VLAN interfaces functional after rxvlan off (Jarod Wilson) [Orabug: 26338952] \n- e1000e: dont modify SYSTIM registers during SIOCSHWTSTAMP ioctl (Jacob Keller) [Orabug: 26338952] \n- e1000e: mark shifted values as unsigned (Jacob Keller) [Orabug: 26338952] \n- e1000e: use BIT() macro for bit defines (Jacob Keller) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): do overflow check only if needed (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): fix er32(SYSTIML) overflow check (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: e1000e_cyclecounter_read(): incvalue is 32 bits, not 64 (Denys Vlasenko) [Orabug: 26338952] \n- e1000e: Cleanup consistency in ret_val variable usage (Brian Walsh) [Orabug: 26338952] \n- e1000e: fix ethtool autoneg off for non-copper (Steve Shih) [Orabug: 26338952] \n- e1000: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] \n- e1000: Double Tx descriptors needed check for 82544 (Alexander Duyck) [Orabug: 26338952] \n- e1000: Do not overestimate descriptor counts in Tx pre-check (Alexander Duyck) [Orabug: 26338952] \n- e1000e: Initial support for KabeLake (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Clear ULP configuration register on ULP exit (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase PHY PLL clock gate timing (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase ULP timer (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Fix msi-x interrupt automask (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not write lsc to ics in msi-x mode (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Do not read ICR in Other interrupt (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Remove unreachable code (Benjamin Poirier) [Orabug: 26338952] \n- e1000e: Switch e1000e_up to void, drop code checking for error result (Alexander Duyck) [Orabug: 26338952] \n- e1000e: initial support for i219-LM (3) (Raanan Avargil) [Orabug: 26338952] \n- e1000e: Increase timeout of polling bit RSPCIPHY (Raanan Avargil) [Orabug: 26338952] \n- e1000e: fix division by zero on jumbo MTUs (Dmitry Fleytman) [Orabug: 26338952] \n- e1000: Elementary checkpatch warnings and checks removed (Janusz Wolak) [Orabug: 26338952] \n- e1000: get rid of duplicate exit path (Jean Sacren) [Orabug: 26338952] \n- e1000: fix kernel-doc argument being missing (Jean Sacren) [Orabug: 26338952] \n- e1000e: clean up the local variable (Jean Sacren) [Orabug: 26338952] \n- e1000: fix a typo in the comment (Jean Sacren) [Orabug: 26338952] \n- e1000: clean up the checking logic (Jean Sacren) [Orabug: 26338952] \n- e1000: Remove checkpatch coding style errors (Janusz Wolak) [Orabug: 26338952] \n- e1000: fix data race between tx_ring->next_to_clean (Dmitriy Vyukov) [Orabug: 26338952] \n- e1000: make eeprom read/write scheduler friendly (Joern Engel) [Orabug: 26338952] \n- e1000e: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26338952] \n- e1000: remove dead e1000_init_eeprom_params calls (Francois Romieu) [Orabug: 26338952] \n- e1000e: Modify Tx/Rx configurations to avoid null pointer dereferences in e1000_open (Jia-Ju Bai) [Orabug: 26338952] \n- ixgbe: fix incorrect status check (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add missing configuration for rate select 1 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: always call setup_mac_link for multispeed fiber (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add write flush when configuring CS4223/7 (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: correct CS4223/7 PHY identification (Emil Tantilov) [Orabug: 26339150] \n- ixgbevf: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add error checking to setting VF MAC (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Correct thermal sensor event check (Mark Rustad) [Orabug: 26339150] \n- ixgbe: enable L3/L4 filtering for Tx switched packets (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Remove MAC X550EM_X 1Gbase-t led_[on|off] support (Paul Greenwalt) [Orabug: 26339150] \n- ixgbevf: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: Fix errors in retrieving RETA and RSS from PF (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add 1000Base-T device based on X550EM_X MAC (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Allow setting zero MAC address for VF (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: fix size of queue stats length (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: clean macvlan MAC filter table on VF reset (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Acquire PHY semaphore before device reset (Paul Greenwalt) [Orabug: 26339150] \n- ixgbe: Fix output from ixgbe_dump (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: add check for VETO bit when configuring link for KR (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove unused define (Don Skidmore) [Orabug: 26339150] \n- ixgbe: do not use adapter->num_vfs when setting VFs via module parameter (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: return early instead of wrap block in if statement (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: move num_vfs_macvlans allocation into separate function (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: add default setup_link for x550em_a MAC type (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: list X553 backplane speeds correctly (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Add X552 XFI backplane support (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Complete support for X553 sgmii (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Remove driver config for KX4 PHY (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Remove pr_cont uses (Joe Perches) [Orabug: 26339150] \n- ixgbe: Avoid Tx hang by not allowing more than the number of VFs supported. (Usha Ketineni) [Orabug: 26339150] \n- ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: update the rss key on h/w, when ethtool ask for it (Paolo Abeni) [Orabug: 26339150] \n- ixgbe: Dont bother clearing buffer memory for descriptor rings (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add private flag to control buffer mode (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Add support for padding packet (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (Alexander Duyck) \n- ixgbe: Only DMA sync frame length (Alexander Duyck) [Orabug: 26339150] \n- ixgbe: Update version to reflect added functionality (Mark Rustad) [Orabug: 26339150] \n- ixgbe: prefix Data Center Bridge ops struct (Stephen Hemminger) [Orabug: 26339150] \n- ixgbe: Support 2.5Gb and 5Gb speed (Tony Nguyen) [Orabug: 26339150] \n- ixgbevf: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] \n- ixgbe: Add PF support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: Add support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] \n- ixgbe: Implement support for firmware-controlled PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Implement firmware interface to access some PHYs (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Remove unused firmware version functions and method (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Fix issues with EEPROM access (Mark Rustad) [Orabug: 26339150] \n- ixgbe: Configure advertised speeds correctly for KR/KX backplane (Don Skidmore) [Orabug: 26339150] \n- ixgbevf: restore hw_addr on resume or error (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Yusuke Suzuki) [Orabug: 26339150] \n- ixgbevf: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: fix AER error handling (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: test for trust in macvlan adjustments for VF (Ken Cox) [Orabug: 26339150] \n- ixgbevf: handle race between close and suspend on shutdown (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: handle close/suspend race with netif_device_detach/present (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix reporting of 100Mb capability (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Reduce I2C retry count on X550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Add bounds check for x540 LED functions (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: add mask for 64 RSS queues (Emil Tantilov) [Orabug: 26339150] \n- ixgbe: Fix check for ixgbe_phy_x550em_ext_t reset (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: Report driver version to firmware for x550 devices (Tony Nguyen) [Orabug: 26339150] \n- ixgbe: do not disable FEC from the driver (Emil Tantilov) [Orabug: 26339150] \n- net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26258518] \n- net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26258518] \n- IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304670] \n- uek-config: disable CONFIG_MOUSE_PS2_VMMOUSE for ol6 (Ethan Zhao) [Orabug: 26264650] \n- igb: missing rtnl_unlock in igb_sriov_reinit() (Vasily Averin) [Orabug: 26242904] \n- igb: bump version to igb-5.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: bump version to igbvf-2.4.0 (Todd Fujinaka) [Orabug: 26242904] \n- igb: fix non static symbol warning (Wei Yongjun) [Orabug: 26242904] \n- igb: fix error code in igb_add_ethtool_nfc_entry() (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by VLAN priority (Gangfeng Huang) [Orabug: 26242904] \n- igb: support RX flow classification by ethertype (Gangfeng Huang) [Orabug: 26242904] \n- igb: add support of RX network flow classification (Gangfeng Huang) [Orabug: 26242904] \n- igb: fix adjusting PTP timestamps for Tx/Rx latency (Kshitiz Gupta) [Orabug: 26242904] \n- igb: Only DMA sync frame length (Andrew Lunn) [Orabug: 26242904] \n- igb: call igb_ptp_suspend during suspend/resume cycle (Jacob Keller) [Orabug: 26242904] \n- igb: implement igb_ptp_suspend (Jacob Keller) [Orabug: 26242904] \n- igb: re-use igb_ptp_reset in igb_ptp_init (Jacob Keller) [Orabug: 26242904] \n- igb: introduce IGB_PTP_OVERFLOW_CHECK flag (Jacob Keller) [Orabug: 26242904] \n- igb: introduce ptp_flags variable and use it to replace IGB_FLAG_PTP (Jacob Keller) [Orabug: 26242904] \n- igbvf: use BIT() macro instead of shifts (Jacob Keller) [Orabug: 26242904] \n- igbvf: remove unused variable and dead code (Jacob Keller) [Orabug: 26242904] \n- igb: adjust PTP timestamps for Tx/Rx latency (Nathan Sullivan) [Orabug: 26242904] \n- igb: make igb_update_pf_vlvf static (Jacob Keller) [Orabug: 26242904] \n- igb: use BIT() macro or unsigned prefix (Jacob Keller) [Orabug: 26242904] \n- Revert 'igb: Fix a deadlock in igb_sriov_reinit' (Arika Chen) [Orabug: 26242904] \n- igb: Garbled output for 'ethtool -m' (Doron Shikmoni) [Orabug: 26242904] \n- igb: allow setting MAC address on i211 using a device tree blob (John Holland) [Orabug: 26242904] \n- igb: Fix sparse warning about passing __beXX into leXX_to_cpup (Alexander Duyck) [Orabug: 26242904] \n- igb: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [Orabug: 26242904] \n- igbvf: remove 'link is Up' message when registering mcast address (Jon Maxwell) [Orabug: 26242904] \n- igbvf: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] \n- igb: rename igb define to be more generic (Todd Fujinaka) [Orabug: 26242904] \n- igb: add conditions for I210 to generate periodic clock output (Roland Hii) [Orabug: 26242904] \n- igb: enable WoL for OEM devices regardless of EEPROM setting (Todd Fujinaka) [Orabug: 26242904] \n- igb: constify e1000_phy_operations structure (Julia Lawall) [Orabug: 26242904] \n- igb: When GbE link up, wait for Remote receiver status condition (Takuma Ueba) [Orabug: 26242904] \n- igb: Add workaround for VLAN tag stripping on 82576 (Alexander Duyck) [Orabug: 26242904] \n- igb: Enable use of 'bridge fdb add' to set unicast table entries (Alexander Duyck) [Orabug: 26242904] \n- igb: Drop unnecessary checks in transmit path (Alexander Duyck) [Orabug: 26242904] \n- igb: Add support for VLAN promiscuous with SR-IOV and NTUPLE (Alexander Duyck) [Orabug: 26242904] \n- igb: Clean-up configuration of VF port VLANs (Alexander Duyck) [Orabug: 26242904] \n- igb: Merge VLVF configuration into igb_vfta_set (Alexander Duyck) [Orabug: 26242904] \n- igb: Always enable VLAN 0 even if 8021q is not loaded (Alexander Duyck) [Orabug: 26242904] \n- igb: Do not factor VLANs into RLPML calculation (Alexander Duyck) [Orabug: 26242904] \n- igb: Allow asymmetric configuration of MTU versus Rx frame size (Alexander Duyck) [Orabug: 26242904] \n- igb: Refactor VFTA configuration (Alexander Duyck) [Orabug: 26242904] \n- igb: clean up code for setting MAC address (Alexander Duyck) [Orabug: 26242904] \n- igb/igbvf: dont give up (Mitch Williams) [Orabug: 26242904] \n- igb: Unpair the queues when changing the number of queues (Shota Suzuki) [Orabug: 26242904] \n- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (Shota Suzuki) [Orabug: 26242904] \n- igb: Explicitly label self-test result indices (Joe Schultz) [Orabug: 26242904] \n- igb: Improve cable length function for I210, etc. (Joe Schultz) [Orabug: 26242904] \n- igb: Dont add PHY address to PCDL address (Aaron Sierra) [Orabug: 26242904] \n- igb: Remove GS40G specific defines/functions (Aaron Sierra) [Orabug: 26242904] \n- igb: improve handling of disconnected adapters (Jarod Wilson) [Orabug: 26242904] \n- igb: fix NULL derefs due to skipped SR-IOV enabling (Jan Beulich) [Orabug: 26242904] \n- igb: use the correct i210 register for EEMNGCTL (Todd Fujinaka) [Orabug: 26242904] \n- igb: dont unmap NULL hw_addr (Jarod Wilson) [Orabug: 26242904] \n- igb: add 88E1543 initialization code (Todd Fujinaka) [Orabug: 26242904] \n- net: igb: avoid using timespec (Arnd Bergmann) [Orabug: 26242904] \n- igb: assume MSI-X interrupts during initialization (Stefan Assmann) [Orabug: 26242904] \n- igbvf: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26242904] \n- igb: make sure SR-IOV init uses the right number of queues (Todd Fujinaka) [Orabug: 26242904] \n- igbvf: clear buffer_info->dma after dma_unmap_single() (Stefan Assmann) [Orabug: 26242904] \n- igb: Fix a memory leak in igb_probe (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Fix a deadlock in igb_sriov_reinit (Jia-Ju Bai) [Orabug: 26242904] \n- igb: Teardown SR-IOV before unregister_netdev() (Alex Williamson) [Orabug: 26242904] \n- igb: add support for 1512 PHY (Todd Fujinaka) [Orabug: 26242904] \n- igb: implement high frequency periodic output signals (Richard Cochran) [Orabug: 26242904] \n- blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321954] \n- Documentation/sparc: Steps for sending break on sunhv console (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Send break twice from console to return to boot prom (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Migrate hvcons irq to panicked cpu (Vijay Kumar) [Orabug: 26322031] \n- sparc64: Set cpu state to offline when stopped (Vijay Kumar) [Orabug: 26322031] \n- dtrace: io provider probes for nfs (Nicolas Droux) [Orabug: 26145701] \n- ctf: fix a variety of memory leaks and use-after-free bugs (Nick Alcock) [Orabug: 26323755] \n- DTrace: IP provider use-after-free for drop-out probe points (Alan Maguire) [Orabug: 25924594] \n- net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265801] \n- nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26284735] \n- nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26284735] \n- nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26284735] \n- percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26290757] \n- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26290757] \n- block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26290757] \n- vfio/pci: Fix unsigned comparison overflow (Alex Williamson) \n- restore mutex_lock() call to blk_mq_freeze_queue_start() (Dan Duval) [Orabug: 26266917] \n- sparc64: mm: fix copy_tsb to correctly copy huge page TSBs (Mike Kravetz) [Orabug: 26273004] \n- nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26284603] \n- nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26284626] \n- IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 26290377] \n- btrfs: fix clone / extent-same deadlocks (Mark Fasheh) [Orabug: 26093112] \n- btrfs: dont update mtime/ctime on deduped inodes (Mark Fasheh) [Orabug: 26093112] \n- btrfs: allow dedupe of same inode (Mark Fasheh) [Orabug: 26093112] \n- btrfs: fix deadlock with extent-same and readpage (Mark Fasheh) [Orabug: 26093112] \n- btrfs: pass unaligned length to btrfs_cmp_data() (Mark Fasheh) [Orabug: 26093112] \n- Fix Express lane queue creation. (James Smart) [Orabug: 26102276] \n- uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26185792] [Orabug: 25983319] \n- rds: tcp: fix memory leak in TIME_WAIT sockets (Sowmini Varadhan) [Orabug: 26189892] \n- rds: tcp: canonical connection order for all paths with index > 0 (Sowmini Varadhan) [Orabug: 25436912] \n- rds: tcp: allow progress of rds_conn_shutdown if the rds_connection is marked ERROR by an intervening FIN (Sowmini Varadhan) [Orabug: 25436912] \n- Backport multipath RDS from upstream to UEK4 (Sowmini Varadhan) [Orabug: 25436912]\n[4.1.12-103.2.1]\n- uek-rpm: enable bnxt driver for sparc (Allen Pais) [Orabug: 26222502] \n- uek-rpm: set CONFIG_FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 26222494] \n- sparc: Fix kernel BUG at arch/sparc/kernel/mdesc.c (Thomas Tai) \n- sparc64: allocate sufficient space for machine description (Thomas Tai) [Orabug: 26222471] \n- sparc64/mlx4_core: relaxed order for mlx4_core dma mappings (Shamir Rabinovitch) [Orabug: 26222434] \n- xsigo: UEK4-QU5: poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199200] \n- NVMe: During NVMe probe, get NVMe device information before mapping the device (Ashok Vairavan) [Orabug: 26194850] \n- sparc64: Fix an error code returned by a DAX ioctl (Sanath Kumar) [Orabug: 26190999] \n- sparc64: fix M8 ADI support (Anthony Yznaga) [Orabug: 26190997]\n[4.1.12-103.1.1]\n- Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088208] \n- scsi: megaraid_sas: Driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: array overflow in megasas_dump_frame() (Dan Carpenter) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change RAID_1_10_RMW_CMDS to RAID_1_PEER_CMDS and set value to 2 (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Indentation and smatch warning fixes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Cleanup VD_EXT_DEBUG and SPAN_DEBUG related debug prints (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Increase internal command pool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Bail out the driver load if ld_list_query fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change build_mpt_mfi_pass_thru to return void (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: During OCR, if get_ctrl_info fails do not continue with OCR (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Remove unused pd_index from megasas_build_ld_nonrw_fusion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_return_cmd does not memset IO frame to zero (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: max_fw_cmds are decremented twice, remove duplicate (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: update can_queue only if the new value is less (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Change max_cmd from u32 to u16 in all functions (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set pd_after_lb from MR_BuildRaidContext and initialize pDevHandle to MR_DEVHANDLE_INVALID (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: latest controller OCR capability from FW before sending shutdown DCMD (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: avoid unaligned access in ioctl path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: big endian support changes (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Big endian RDPQ mode fix (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: MR_TargetIdToLdGet u8 to u16 and avoid invalid raid-map access (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: In validate raid map, raid capability is not converted to cpu format for all lds (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: reduce size of fusion_context and use vmalloc if kmalloc fails (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: add print in device removal path (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: enhance debug logs in OCR context (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: set residual bytes count during IO completion (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 write performance for large io (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: change issue_dcmd to return void from int (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: megasas_get_request_descriptor always return valid desc (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Use DID_REQUEUE (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: RAID map is accessed for SYS PDs when use_seqnum_jbod_fp is not set (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: Refactor MEGASAS_IS_LOGICAL macro using sdev (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: 32 bit descriptor fire cmd optimization (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: raid 1 fast path code optimize (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: cpu select rework. (Shivasharan S) [Orabug: 26096381] \n- Revert 'scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth' (Shivasharan S) [Orabug: 26096381] \n- scsi: megaraid_sas: driver version upgrade (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: ldio_outstanding variable is not decremented in completion path (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: 128 MSIX Support (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] \n- scsi: sd: Check for unaligned partial completion (Damien Le Moal) [Orabug: 26178369] \n- PCI/AER: include header file (Sudip Mukherjee) [Orabug: 25130845] \n- NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 25258071] \n- nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 25130845] \n- nvme.h: add AER constants (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 25130845] \n- nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 25130845] \n- nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 25130845] \n- NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 25130845] \n- NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25186219] \n- nvme: Limit command retries (Keith Busch) [Orabug: 25130845] \n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138123] \n- NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 25130845] \n- nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 25130845] \n- nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 25130845] \n- nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 25130845] \n- blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 25130845] \n- NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 25130845] \n- NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 25130845] \n- NVMe: Unbind driver on failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Delete only created queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 25130845] \n- nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 25130845] \n- NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 25130845] \n- nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 25130845] \n- nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 25130845] \n- nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 25130845] \n- nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 25130845] \n- NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 25130845] \n- NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 25130845] \n- nvme: fix cntlid type (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 25130845] \n- nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 25130845] \n- NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 25130845] \n- block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 25130845] \n- nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 25130845] \n- nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 25130845] \n- block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 25130845] \n- nvme: rewrite discard support (Ming Lin) [Orabug: 25130845] \n- nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 25130845] \n- nvme: add missing lock nesting notation (Ming Lin) [Orabug: 25130845] \n- NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] \n- nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 25130845] \n- NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 25130845] \n- nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 25130845] \n- nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 25130845] \n- NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 25130845] \n- NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 25130845] \n- NVMe: Simplify device reset failure (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 25130845] \n- NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 25130845] \n- nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 25130845] \n- nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 25130845] \n- nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 25130845] \n- NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 25130845] \n- NVMe: Allow request merges (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix io incapable return values (Keith Busch) [Orabug: 25130845] \n- nvme: split pci module out of core module (Ming Lin) [Orabug: 25130845] \n- nvme: split dev_list_lock (Ming Lin) [Orabug: 25130845] \n- nvme: move timeout variables to core.c (Ming Lin) [Orabug: 25130845] \n- nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 25130845] \n- nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 25130845] \n- nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 25130845] \n- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 25130845] \n- NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 25130845] \n- NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 25130845] \n- NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 25130845] \n- nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 25130845] \n- nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 25130845] \n- nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 25130845] \n- NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 25130845] \n- NVMe: Add pci error handlers (Keith Busch) [Orabug: 25130845] \n- nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 25130845] \n- nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 25130845] \n- nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify completion handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: special case AEN requests (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 25130845] \n- nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Simplify metadata setup (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 25130845] \n- NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 25130845] \n- nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 25130845] \n- nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 25130845] \n- nvme: simplify resets (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 25130845] \n- nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 25130845] \n- nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 25130845] \n- nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 25130845] \n- nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 25130845] \n- nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 25130845] \n- nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 25130845] \n- nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 25130845] \n- nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 25130845] \n- nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 25130845] \n- nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 25130845] \n- nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 25130845] \n- nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 25130845] \n- nvme: use offset instead of a struct for registers (Christoph Hellwig) \n- nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] \n- Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 25130845] \n- nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 25130845] \n- block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 25130845] \n- block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 25130845] \n- NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 25130845] \n- nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 25130845] \n- nvme include linux types.h (Christoph Hellwig) [Orabug: 25130845] \n- nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 25130845] \n- NVMe: Set affinity after allocating request queues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (Keith Busch) [Orabug: 25130845] \n- NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 25130845] \n- NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 25130845] \n- NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 25130845] \n- Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 25130845] \n- Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- Revert 'nvme: Limit command retries' (Ashok Vairavan) \n- Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) \n- Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) \n- Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) \n- Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) \n- forcedeth: enable forcedeth kernel option (Zhu Yanjun) [Orabug: 25571921] \n- ipmi: Edit ambiguous error message for unknown command (Atish Patra) [Orabug: 25461958] \n- kabi whitelist: Remove all ib_ symbols from the list. (Knut Omang) [Orabug: 25955825] \n- ext4: print ext4 mount option data_err=abort correctly (Ales Novak) [Orabug: 25691020] \n- IB/sa: Allocate SA query with kzalloc (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix netlink local service GFP crash (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Fix rdma netlink message flags (Kaike Wan) [Orabug: 26124118] \n- IB/sa: Put netlink request into the request list before sending (Kaike Wan) [Orabug: 26124118] \n- IB/core: Fix a potential array overrun in CMA and SA agent (Yuval Shaia) [Orabug: 26124118] \n- IB/SA: Use correct free function (Mark Bloch) [Orabug: 26124118] \n- IB/sa: Route SA pathrecord query through netlink (Kaike Wan) [Orabug: 26124118] \n- IB/core: Add rdma netlink helper functions (Kaike Wan) [Orabug: 26124118] \n- IB/netlink: Add defines for local service requests through netlink (Kaike Wan) [Orabug: 26124118] \n- scsi: mpt3sas: remove redundant wmb (Sinan Kaya) [Orabug: 26096353] \n- scsi: mpt3sas: Updating driver version to v15.100.00.00 (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix for Crusader to achieve product targets with SAS devices. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Fix Firmware fault state 0x2100 during heavy 4K RR FIO stress test. (Chaitra P B) [Orabug: 26096353] \n- scsi: mpt3sas: Added print to notify cable running at a degraded speed. (Chaitra P B) [Orabug: 26096353] \n- xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26072430] \n- qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 26021151] \n- Btrfs: dont BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25975316] \n- Btrfs: clarify do_chunk_alloc()s return value (Liu Bo) [Orabug: 25975316] \n- btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25975316] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25955089] \n- xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] \n- uek-rpm: configs: enable CONFIG_ACPI_NFIT (Todd Vierling) [Orabug: 25719149] \n- ipv6: Dont use ufo handling on later transformed packets (Jakub Sitnicki) [Orabug: 25533743] \n- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}\n- fs/file.c: __fget() and dup2() atomicity rules (Eric Dumazet) [Orabug: 25408921] \n- IB/ipoib: add get_settings in ethtool (Zhu Yanjun) [Orabug: 25048521] \n- RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26081079] \n- Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) \n- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] \n- Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25975223] \n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25974739] {CVE-2017-7895}\n- sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (Dave Kleikamp) [Orabug: 25491970] \n- sparc64: cache_line_size() returns larger value for cache line size. (chris hyser) \n- sparc64: fix inconsistent printing of handles in debug messages (Menno Lageman) \n- sparc64: set the ISCNTRLD bit for SP service handles (Menno Lageman) [Orabug: 25983868] \n- sparc64: DAX recursive lock removed (Rob Gardner) [Orabug: 26103487] \n- sparc/ftrace: Fix ftrace graph time measurement (Liam R. Howlett) [Orabug: 25995351] \n- sparc64: Increase max_phys_bits to 51 for M8. (Vijay Kumar) [Orabug: 25808647] \n- sparc64: 5-Level page table support for sparc (Vijay Kumar) [Orabug: 26076110] [Orabug: 25808647] \n- mm, gup: fix typo in gup_p4d_range() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: introduce __p4d_alloc() (Kirill A. Shutemov) [Orabug: 25808647] \n- mm: convert generic code to 5-level paging (Vijay Kumar) [Orabug: 25808647] \n(Vijay Kumar) [Orabug: 25808647] \n- arch, mm: convert all architectures to use 5level-fixup.h (Vijay Kumar) [Orabug: 25808647] \n- asm-generic: introduce __ARCH_USE_5LEVEL_HACK (Kirill A. Shutemov) [Orabug: 25808647] \n- asm-generic: introduce 5level-fixup.h (Kirill A. Shutemov) [Orabug: 25808647] \n- sparc64: prevent sunvdc from sending duplicate vdisk requests (Jag Raman) [Orabug: 25866770] \n- ldmvsw: stop the clean timer at beginning of remove (Shannon Nelson) [Orabug: 25748241] \n- sparc64: set CONFIG_EFI in config (Eric Snowberg) [Orabug: 26037358] \n- sparc64: /sys/firmware/efi missing during EFI boot (Eric Snowberg) [Orabug: 26037358] \n- Allow default value of npools used for iommu to be configured from cmdline (Allen Pais) \n- SPARC64: Add Linux vds driver Device ID support for Solaris guest boot (George Kennedy) [Orabug: 25836231] \n- sparc64: Remove locking of huge pages in DAX driver (Sanath Kumar) [Orabug: 25968141] \n- ldmvsw: unregistering netdev before disable hardware (Thomas Tai) \n- arch/sparc: Measure receiver forward progress to avoid send mondo timeout (Jane Chu) [Orabug: 25476541] \n- sparc64: update DAX submit to latest HV spec (Jonathan Helman) [Orabug: 25927558] \n- arch/sparc: increase CONFIG_NODES_SHIFT on SPARC to 5 (Jane Chu) [Orabug: 25577754] \n- arch/sparc: support NR_CPUS = 4096 (jane Chu) [Orabug: 25505750] \n- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 25973797] \n- sparc64: fix fault handling in NGbzero.S and GENbzero.S (Dave Aldridge) [Orabug: 25577560] \n- sparc64: modify sys_dax.h for new libdax (Jonathan Helman) [Orabug: 25927572] \n- bnx2x: Align RX buffers (Scott Wood) [Orabug: 25806778] \n- PCI: Fix unaligned accesses in VC code (David Miller) [Orabug: 25806778] \n- sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL (Daniel Jordan) [Orabug: 25830041] \n- lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined (Babu Moger) \n- config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc (Babu Moger) \n- sparc64: fix cdev_put() use-after-free when unbinding an LDom (Thomas Tai) [Orabug: 25911389] \n- sparc64: change DAX CCB_EXEC ENOBUFS print to debug (Jonathan Helman) [Orabug: 25927528] \n- xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 26107942] \n- xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 26107942] \n- xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 26107942] \n- xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 26107942] \n- xen-netfront: add rx page statistics (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 26107942] \n- xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 26107942] \n- xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 26107942] \n- xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 26107942] \n- xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 26107942] \n- include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 26107942] \n- xen-netback: fix type mismatch warning (Arnd Bergmann) \n- xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) \n- xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) \n- xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) \n- xen-netback: process guest rx packets in batches (David Vrabel) \n- xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) \n- xen-netback: refactor guest rx (David Vrabel) \n- xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) \n- xen-netback: separate guest side rx code into separate module (Paul Durrant) \n- x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 26107942] \n- Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25970637] \n- Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25970637] \n- Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) [Orabug: 25970637] \n- Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25970637] \n- RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 25920916] \n- mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 25912737] \n- sched/wait: Fix the signal handling fix (Peter Zijlstra) [Orabug: 25908266] \n- sparc64: Fix mapping of 64k pages with MAP_FIXED (Nitin Gupta) [Orabug: 25885991] \n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876402] {CVE-2016-10229}\n- net/mlx4_core: panic the system on unrecoverable errors (Santosh Shilimkar) [Orabug: 25873690] \n- Revert 'restrict /dev/mem to idle io memory ranges' (Chuck Anderson) [Orabug: 25832750] \n- I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25831471] \n- xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] \n- mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 25440329] \n- xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] \n- xen: events: Replace BUG() with BUG_ON() (Shyam Saini) \n- xen: remove stale xs_input_avail() from header (Juergen Gross) \n- xen: return xenstore command failures via response instead of rc (Juergen Gross) \n- xen: xenbus driver must not accept invalid transaction ids (Juergen Gross) \n- xen/evtchn: use rb_entry() (Geliang Tang) \n- xen/setup: Dont relocate p2m over existing one (Ross Lagerwall) \n- xen/balloon: Only mark a page as managed when it is released (Ross Lagerwall) \n- xen/scsifront: dont request a slot on the ring until request is ready (Juergen Gross) \n- xen/x86: Increase xen_e820_map to E820_X_MAX possible entries (Alex Thorlton) \n- x86: Make E820_X_MAX unconditionally larger than E820MAX (Alex Thorlton) \n- xen/pci: Bubble up error and fix description. (Konrad Rzeszutek Wilk) \n- xen: xenbus: set error code on failure (Pan Bian) \n- xen: set error code on failures (Pan Bian) \n- xen/events: use xen_vcpu_id mapping for EVTCHNOP_status (Vitaly Kuznetsov) \n- xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (Boris Ostrovsky) \n- tpm xen: Remove bogus tpm_chip_unregister (Jason Gunthorpe) \n- xen-scsifront: Add a missing call to kfree (Quentin Lambert) \n- xenfs: Use proc_create_mount_point() to create /proc/xen (Seth Forshee) \n- xen-netback: fix error handling output (Arnd Bergmann) \n- xen: make use of xenbus_read_unsigned() in xenbus (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pciback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-fbfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-scsifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-pcifront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-netback (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-kbdfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-tpmfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkfront (Juergen Gross) \n- xen: make use of xenbus_read_unsigned() in xen-blkback (Juergen Gross) \n- xen: introduce xenbus_read_unsigned() (Juergen Gross) \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) \n- xenbus: check return value of xenbus_scanf() (Jan Beulich) \n- xenbus: prefer list_for_each() (Jan Beulich) \n- xenbus: advertise control feature flags (Juergen Gross) \n- xen/pciback: support driver_override (Juergen Gross) \n- xen/pciback: avoid multiple entries in slot list (Juergen Gross) \n- xen/pciback: simplify pcistub device handling (Juergen Gross) \n- x86/xen: add missing\n at end of printk warning message (Colin Ian King) \n- xen-netfront: avoid packet loss when ethernet header crosses page boundary (Vitaly Kuznetsov) \n- xen: Sync xen header (Juergen Gross) \n- xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() (Markus Elfring) \n- xen: Make VPMU init message look less scary (Juergen Gross) \n- xen: rename xen_pmu_init() in sys-hypervisor.c (Juergen Gross) \n- kexec: allow kdump with crash_kexec_post_notifiers (Petr Tesarik) \n- xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 (Jan Beulich) \n- proc: Allow creating permanently empty directories that serve as mount points (Eric W. Biederman) \n- xen: Resume PMU from non-atomic context (Boris Ostrovsky)\n[4.1.12-102]\n- Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 25829233] \n- Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 25829233] \n- Drivers: hv: vss: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: switch to using the hvutil_device_state state machine (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: vss: process deferred messages when we complete the transaction (Vitaly Kuznetsov) [Orabug: 25819105] \n- Drivers: hv: kvp: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] \n- Revert 'ipv4: use skb coalescing in defragmentation' (Florian Westphal) [Orabug: 25819103] \n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25802913] \n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25802678] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25802678] {CVE-2017-2636}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25802599] {CVE-2017-6345}\n- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25802576] {CVE-2017-6347}\n- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25802576] {CVE-2017-6347}\n- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25802576] {CVE-2017-6347}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25802549] {CVE-2017-6214}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25802515] {CVE-2017-5986}\n- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: reserve code points for the project quota feature (Theodore Tso) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25802481] {CVE-2016-10208}\n- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}\n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25802278] {CVE-2017-2583} {CVE-2017-2583}\n- gfs2: fix slab corruption during mounting and umounting gfs file system (Thomas Tai) \n- gfs2: handle NULL rgd in set_rgrp_preferences (Abhi Das) [Orabug: 25791662] \n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790370] {CVE-2016-9644}\n- sched/wait: Fix signal handling in bit wait helpers (Peter Zijlstra) [Orabug: 25416990] \n- xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) \n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766884] {CVE-2016-8399} {CVE-2016-8399}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751395] {CVE-2017-7187}\n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25747721] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25747721] \n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25717094] {CVE-2017-5669}\n[4.1.12-101]\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25340071] {CVE-2016-10088}\n- tcp: fix potential memory corruption (Eric Dumazet) [Orabug: 25140382] \n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25134541] {CVE-2016-7910}\n- xfs: Correctly lock inode when removing suid and file capabilities (Jan Kara) [Orabug: 24803533] \n- fs: Call security_ops->inode_killpriv on truncate (Jan Kara) [Orabug: 24803533] \n- fs: Provide function telling whether file_remove_privs() will do anything (Jan Kara) [Orabug: 24803533] \n- fs: Rename file_remove_suid() to file_remove_privs() (Jan Kara) [Orabug: 24803533] \n- IB/uverbs: Fix leak of XRC target QPs (Tariq Toukan) [Orabug: 24761732] \n- Some unsupported ioctls get logged unnecessarily (Venkat Venkatsubra) [Orabug: 24510137] \n- IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 25993951] \n- dtrace: improve io provider coverage (Nicolas Droux) [Orabug: 25816537]\n[4.1.12-100]\n- ol7/config: enable nf_tables packet duplication support (Ethan Zhao) [Orabug: 24694570] \n- netfilter: nf_dup: add missing dependencies with NF_CONNTRACK (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: nf_tables: add nft_dup expression (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: factor out packet duplication for IPv4/IPv6 (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: xt_TEE: get rid of WITH_CONNTRACK definition (Pablo Neira Ayuso) [Orabug: 24694570] \n- netfilter: move tee_active to core (Florian Westphal) [Orabug: 24694570] \n- ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags (Martin KaFai Lau) [Orabug: 24694570] \n- ext4: Fix data exposure after failed AIO DIO (Jan Kara) [Orabug: 24393811] \n- xfs: fold xfs_vm_do_dio into xfs_vm_direct_IO (Christoph Hellwig) [Orabug: 24393811] \n- xfs: dont use ioends for direct write completions (Christoph Hellwig) [Orabug: 24393811] \n- direct-io: always call ->end_io if non-NULL (Christoph Hellwig) [Orabug: 24393811] \n- Btrfs: send, fix failure to rename top level inode due to name collision (Robbie Ko) [Orabug: 25994280] \n- PCI: Check pref compatible bit for mem64 resource of PCIe device (Yinghai Lu) [Orabug: 22855133] \n- OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Keep resource idx order with bridge register number (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Reserve legacy mmio after PCI mmio (Yinghai Lu) [Orabug: 22855133] \n- PCI: Add pci_find_bus_resource() (Yinghai Lu) [Orabug: 22855133] \n- sparc/PCI: Use correct offset for bus address to resource (Yinghai Lu) [Orabug: 22855133] \n- PCI: Remove __pci_mmap_make_offset() (Yinghai Lu) [Orabug: 22855133] \n- PCI: Let pci_mmap_page_range() take resource address (Yinghai Lu) [Orabug: 22855133] \n- PCI: Fix proc mmap on sparc (Yinghai Lu) [Orabug: 22855133] \n- PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (Bjorn Helgaas) [Orabug: 22855133] \n- Revert 'sparc/PCI: Use correct bus address to resource offset' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Unify pci_register_region()' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Reserve legacy mmio after PCI mmio' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc/PCI: Keep resource idx order with bridge register number' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: kill wrong quirk about M7101' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if all bridges have MEM_64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Add has_mem64 for struct host_bridge' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Only treat non-pref mmio64 as pref if host bridge has mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'PCI: Restore pref MMIO allocation logic for host bridge without mmio64' (Khalid Aziz) [Orabug: 22855133] \n- Revert 'sparc: Accommodate mem64_offset != mem_offset in pbm configuration' (Khalid Aziz) [Orabug: 22855133] \n- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975482] \n- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975482] \n- target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 25791789] \n- target: simplify backend driver registration (Christoph Hellwig) [Orabug: 25791789] \n- x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 25948913] \n- x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 25948913] \n- x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 25948913] \n- perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 25948913] \n- perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 25948913] \n- x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] \n- dtrace: proc:::exit should trigger only if thread group exits (Tomas Jedlicka) [Orabug: 25904298] \n- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25795985] {CVE-2017-7273}\n- ctf: prevent modules on the dedup blacklist from sharing any types at all (Nick Alcock) [Orabug: 26137220] \n- ctf: emit bitfields in in-memory order (Nick Alcock) [Orabug: 25815129] \n- ctf: bitfield support (Nick Alcock) [Orabug: 25815129] \n- ctf: emit file-scope static variables (Nick Alcock) [Orabug: 25962387] \n- ctf: speed up the dwarf2ctf duplicate detector some more (Nick Alcock) [Orabug: 25815306] \n- ctf: strdup() -> xstrdup() (Nick Alcock) [Orabug: 25815306] \n- ctf: speed up the dwarf2ctf duplicate detector (Nick Alcock) [Orabug: 25815306] \n- ctf: add module parameter to simple_dwfl_new() and adjust both callers (Nick Alcock) \n- ctf: fix the size of int and avoid duplicating it (Nick Alcock) [Orabug: 25815129] \n- ctf: allow overriding of DIE attributes: use it for parent bias (Nick Alcock) [Orabug: 25815129] \n- DTrace tcp/udp provider probes (Alan Maguire) [Orabug: 25815197] \n- dtrace: define DTRACE_PROBE_ENABLED to 0 when !CONFIG_DTRACE (Nick Alcock) [Orabug: 26145788] \n- dtrace: ensure limit is enforced even when pcs is NULL (Kris Van Hees) [Orabug: 25949692] \n- dtrace: make x86_64 FBT return probe detection less restrictive (Kris Van Hees) [Orabug: 25949048] \n- dtrace: support passing offset as arg0 to FBT return probes (Kris Van Hees) [Orabug: 25949086] \n- dtrace: make FBT entry probe detection less restrictive on x86_64 (Kris Van Hees) [Orabug: 25949030] \n- dtrace: adjust FBT entry probe dection for OL7 (Kris Van Hees) [Orabug: 25921361]\n[4.1.12-99]\n- Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25999937] \n- qla2xxx: Fix NULL pointer deref in QLA interrupt (Bruno Pramont) [Orabug: 25908317] \n- Revert 'be2net: fix MAC addr setting on privileged BE3 VFs' (Somasundaram Krishnasamy) [Orabug: 25870303] \n- Revert 'be2net: fix initial MAC setting' (Somasundaram Krishnasamy) [Orabug: 25802842] \n- xfs: track and serialize in-flight async buffers against unmount (Brian Foster) [Orabug: 25550712] \n- xfs: exclude never-released buffers from buftarg I/O accounting (Brian Foster) [Orabug: 25550712] \n- dm era: save spacemap metadata root after the pre-commit (Somasundaram Krishnasamy) [Orabug: 25547820] \n- Btrfs: incremental send, do not issue invalid rmdir operations (Robbie Ko) [Orabug: 26000657] \n- x86/platform/uv/BAU: Remove __ro_after_init declaration (Somasundaram Krishnasamy) [Orabug: 25920237] \n- x86/platform: Remove warning message for duplicate NMI handlers (Mike Travis) [Orabug: 25920237] \n- x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add wait_completion to bau_operations (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add status mmr location fields to bau_control (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add payload descriptor qualifier (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Add uv_bau_version enumerated constants (Andrew Banman) [Orabug: 25920237] \n- x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (Andrew Banman) [Orabug: 25920237] \n- fnic: Fixing sc abts status and flags assignment. (Satish Kharat) [Orabug: 25638880] \n- fnic: Adding debug IO, Abort latency counter and check condition count to fnic stats (Satish Kharat) [Orabug: 25638880] \n- fnic: Avoid false out-of-order detection for aborted command (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (Satish Kharat) [Orabug: 25638880] \n- fnic: minor white space changes (Satish Kharat) [Orabug: 25638880] \n- scsi: fnic: Avoid sending reset to firmware when another reset is in progress (Satish Kharat) [Orabug: 25638880] \n- ovl: Do d_type check only if work dir creation was successful (Vivek Goyal) [Orabug: 25802620] \n- ovl: Ensure upper filesystem supports d_type (Vivek Goyal) [Orabug: 25802620] \n- sparc64: Add hardware capabilities for M8 (Dave Aldridge) [Orabug: 25555746] \n- sparc64: Stop performance counter before updating (Dave Aldridge) [Orabug: 25441707] \n- sparc64: Fix a race condition when stopping performance counters (Dave Aldridge) [Orabug: 25441707] \n- arch/sparc: Use new misaligned load instructions for memcpy and copy_from_user (Allen Pais) [Orabug: 25381567] \n- arch/sparc: Add a separate kernel memcpy functions for M8 (Allen Pais) [Orabug: 25381567] \n- sparc64: perf: make sure we do not set the 'picnht' bit in the PCR (Dave Aldridge) [Orabug: 24926097] \n- sparc64: perf: move M7 pmu event definitions to seperate file (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: add perf support for M8 devices (Dave Aldridge) [Orabug: 23333572] \n- sparc64: perf: Fix the mapping between perf events and perf counters (Dave Aldridge) [Orabug: 23333572] \n- SPARC64: Enable IOMMU bypass for IB (Allen Pais) [Orabug: 25573557] \n- SPARC64: Introduce IOMMU BYPASS method (Allen Pais) [Orabug: 25573557] \n- PCI: Add PCI IDs for Infiniband (Tushar Dave) [Orabug: 25573557] \n- sched/fair: Disable the task group load_avg update for the root_task_group (Waiman Long) [Orabug: 25544560] \n- sched/fair: Move the cache-hot 'load_avg' variable into its own cacheline (Atish Patra) [Orabug: 25544560] \n- sched/fair: Avoid redundant idle_cpu() call in update_sg_lb_stats() (Waiman Long) [Orabug: 25544560] \n- sched/fair: Clean up load average references (Atish Patra) [Orabug: 25544560] \n- sched/fair: Provide runnable_load_avg back to cfs_rq (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Remove task and group entity load when they are dead (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Init cfs_rqs sched_entity load average (Yuyang Du) [Orabug: 25544560] \n- sched/fair: Implement update_blocked_averages() for CONFIG_FAIR_GROUP_SCHED=n (Vincent Guittot) [Orabug: 25544560] \n- sched/fair: Rewrite runnable load and utilization average tracking (Atish Patra) [Orabug: 25544560] \n- sched/fair: Remove rqs runnable avg (Yuyang Du) [Orabug: 25544560] \n- sparc64: Allow enabling ADI on hugepages only (Khalid Aziz) [Orabug: 25969377] \n- sparc64: Save ADI tags on ADI enabled platforms only (Khalid Aziz) [Orabug: 25961592] \n- sparc64: increase FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 25448108] \n- sparc64: tsb size expansion (bob picco) [Orabug: 25448108] \n- sparc64: make tsb pointer computation symbolic (bob picco) [Orabug: 25448108] \n- sparc64: fix intermittent LDom hang waiting for vdc_port_up (Thomas Tai) \n- sparc64:block/sunvdc: Renamed bio variable name from req to bio (Vijay Kumar) [Orabug: 25128265] \n- sparc64:block/sunvdc: Added io stats accounting for bio based vdisk (Vijay Kumar) [Orabug: 25128265] \n- sparc64: Remove node restriction from PRIQ MSI assignments (chris hyser) [Orabug: 25110748] \n- blk-mq: Clean up all_q_list on request_queue deletion (chris hyser) [Orabug: 25569331] \n- sparc64: kern_addr_valid regression (bob picco) [Orabug: 25860542]\n[4.1.12-98]\n- sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25911008] \n- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25911008] [Orabug: 25931417] \n- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997202] \n- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996411] \n- KVM: VMX: fix vmwrite to invalid VMCS (Radim Krcmar) \n- Revert 'i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter' (Brian Maly) [Orabug: 25877447] \n- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25888596] \n- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25835254] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- Revert 'sparc64: DAX request for non 4MB memory should return with unique errno' (Allen Pais) \n- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25852910] \n- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] \n- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25835133] \n- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25827254] \n- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25820395] \n- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25870705] \n- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25820812] \n- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 23072809] \n- sparc64: fix an issue when trying to bring hotplug cpus online (Dave Aldridge) [Orabug: 25667277] \n- sparc64: Fix memory corruption when THP is enabled (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix address range for page table free Orabug: 25704426 (Nitin Gupta) \n- sparc64: Add support for 2G hugepages (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix size check in huge_pte_alloc (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Fix build error in flush_tsb_user_page (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Add 64K page size support (Nitin Gupta) [Orabug: 25704426] \n- sparc64: Remove xl-hugepages and add multi-page size support (Allen Pais) [Orabug: 25704426] \n- sparc64: do not dequeue stale VDS IO work entries (Jag Raman) [Orabug: 25455138] \n- SPARC64: Virtual Disk Device (vdsdev) Read-Only Option (options=ro) not working (George Kennedy) [Orabug: 23623853] \n- arch/sparc: Fix FPU register corruption with AES crypto test on M7 (Babu Moger) [Orabug: 25265878] \n- sunvnet: xoff not needed when removing port link (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: count multicast packets (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: track port queues correctly (Shannon Nelson) [Orabug: 25190537] \n- sunvnet: add stats to track ldom to ldom packets and bytes (Shannon Nelson) [Orabug: 25190537] \n- ldmvsw: better use of link up and down on ldom vswitch (Shannon Nelson) [Orabug: 25525312] \n- dtrace: fix handling of save_stack_trace sentinel (x86 only) (Kris Van Hees) [Orabug: 25727046] \n- dtrace: DTrace walltime lock-free implementation (Tomas Jedlicka) [Orabug: 25715256]\n[4.1.12-97]\n- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] \n- sparc64: Restrict number of processes (Sanath Kumar) [Orabug: 24523680] \n- SPARC64: vds_blk_rw() does not handle drives with q->limits.chunk_sectors > 0 (George Kennedy) [Orabug: 25373818] \n- sparc64: Improve boot time by per cpu map update (Atish Patra) [Orabug: 25496463] \n- arch/sparc: memblock resizes are not handled properly (Pavel Tatashin) [Orabug: 25415396] \n- SPARC64: LDOM vnet 'Got unexpected MCAST reply' (George Kennedy) [Orabug: 24954702] \n- ldmvsw: disable tso and gso for bridge operations (Shannon Nelson) [Orabug: 23293104] \n- ldmvsw: update and simplify version string (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove extra rcu_read_unlocks (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: straighten up message event handling logic (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: add memory barrier before check for tx enable (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: update version and version printing (Shannon Nelson) [Orabug: 23293104] \n- sunvnet: remove unused variable in maybe_tx_wakeup (Sowmini Varadhan) [Orabug: 23293104] \n- sunvnet: make sunvnet common code dynamically loadable (Shannon Nelson) [Orabug: 23293104] \n- hwrng: n2 - update version info (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - support new hardware register layout (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - add device data descriptions (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - limit error spewage when self-test fails (Shannon Nelson) [Orabug: 25127795] \n- hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Anatoly Pugachev) [Orabug: 25127795] \n- tcp: fix tcp_fastopen unaligned access complaints on sparc (Shannon Nelson) [Orabug: 25163405] \n- vds: Add physical block support (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: Add missing hardware capabilities for M7 (Dave Aldridge) [Orabug: 25555746] \n- SPARC64: Fix vds_vtoc_set_default debug with large disks (George Kennedy) [Orabug: 25423802] \n- sparc64: VDC threads in guest domain do not resume after primary domain reboot (Jag Raman) [Orabug: 25519961] \n- sunvdc: Add support for setting physical sector size (Liam R. Howlett) [Orabug: 19420123] \n- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] \n- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 25641371] \n- SPARC64: VIO: Support for virtual-device MD node probing (Aaron Young) [Orabug: 24841906]\n[4.1.12-96]\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 257846022]\n[4.1.12-95]\n- PCI: hv: Microsoft changes in support of RHEL and UEK4 (Jake Oshins) [Orabug: 25507635] \n- Add the PCI Host driver into the UEK config files (Jack Vogel) [Orabug: 25507635]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-23T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10200", "CVE-2016-10208", "CVE-2016-10229", "CVE-2016-1575", "CVE-2016-1576", "CVE-2016-6213", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-9604", "CVE-2016-9644", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-12134", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6347", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7477", "CVE-2017-7533", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2017-08-23T00:00:00", "id": "ELSA-2017-3609", "href": "http://linux.oracle.com/errata/ELSA-2017-3609.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:49", "description": "- [3.10.0-514.26.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.26.1]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n[3.10.0-514.25.1]\n- [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from __vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818]\n[3.10.0-514.24.1]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838]\n[3.10.0-514.23.1]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940]\n[3.10.0-514.22.1]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-28T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000364", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2017-06-28T00:00:00", "id": "ELSA-2017-1615", "href": "http://linux.oracle.com/errata/ELSA-2017-1615.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:26", "description": "- [3.10.0-514.26.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.26.1.el7]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n[3.10.0-514.25.1.el7]\n- [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from __vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818]\n[3.10.0-514.24.1.el7]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838]\n[3.10.0-514.23.1.el7]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940]\n[3.10.0-514.22.1.el7]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-28T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000364", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2017-06-28T00:00:00", "id": "ELSA-2017-1615-1", "href": "http://linux.oracle.com/errata/ELSA-2017-1615-1.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-12-02T15:34:04", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3567 advisory.\n\n - The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. (CVE-2015-6937)\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux- image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. (CVE-2015-6252)\n\n - The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (CVE-2017-2647)\n\n - drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. (CVE-2015-5257)\n\n - The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. (CVE-2016-2782)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. (CVE-2017-5669)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2015-4700", "CVE-2015-5257", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-8320", "CVE-2015-9731", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-10229", "CVE-2016-2782", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3567.NASL", "href": "https://www.tenable.com/plugins/nessus/100235", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3567.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100235);\n script_version(\"3.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-7446\",\n \"CVE-2015-1420\",\n \"CVE-2015-4700\",\n \"CVE-2015-5257\",\n \"CVE-2015-5707\",\n \"CVE-2015-6252\",\n \"CVE-2015-6937\",\n \"CVE-2015-9731\",\n \"CVE-2016-2782\",\n \"CVE-2016-3140\",\n \"CVE-2016-3672\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-4580\",\n \"CVE-2016-7425\",\n \"CVE-2016-7910\",\n \"CVE-2016-8399\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2016-10229\",\n \"CVE-2017-2583\",\n \"CVE-2017-2636\",\n \"CVE-2017-2647\",\n \"CVE-2017-5669\",\n \"CVE-2017-5986\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6345\",\n \"CVE-2017-7184\",\n \"CVE-2017-7187\",\n \"CVE-2017-7895\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-3567 advisory.\n\n - The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local\n users to cause a denial of service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not properly bound. (CVE-2015-6937)\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5\n improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial\n of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers\n to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the\n URG flag. (CVE-2017-6214)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not\n validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root\n privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN\n capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-\n image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11\n allows local users to cause a denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the\n end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have\n unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users\n to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers\n permanent file-descriptor allocation. (CVE-2015-6252)\n\n - The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial\n of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain\n match field, related to the keyring_search_iterator function in keyring.c. (CVE-2017-2647)\n\n - drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact\n via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the\n correct ID of CVE-2015-8320. (CVE-2015-5257)\n\n - The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically\n proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly\n have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in\n endpoint. (CVE-2016-2782)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address\n calculated by a certain rounding operation, which allows local users to map page zero, and consequently\n bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat\n system calls in a privileged context. (CVE-2017-5669)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3567.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.295.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3567');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.295.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.295.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.295.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.295.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.295.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.295.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.295.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.295.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.295.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.295.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:07", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - RHEL: complement upstream workaround for CVE-2016-10142.\n (Quentin Casasnovas) [Orabug: 25765786] (CVE-2016-10142) (CVE-2016-10142)\n\n - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] (CVE-2016-8399)\n\n - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] (CVE-2016-10142)\n\n - sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] (CVE-2017-7187)\n\n - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] (CVE-2017-2636)\n\n - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] (CVE-2017-2636)\n\n - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] (CVE-2017-2636)\n\n - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] (CVE-2017-2636)\n\n - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] (CVE-2016-8633)\n\n - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] (CVE-2016-3672)\n\n - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] (CVE-2016-3672)\n\n - sg_start_req: make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] (CVE-2015-5707)\n\n - tcp: take care of truncations done by sk_filter (Eric Dumazet) [Orabug: 25507232] (CVE-2016-8645)\n\n - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] (CVE-2016-8645)\n\n - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer (Dan Carpenter) [Orabug: 25507330] (CVE-2016-7425)\n\n - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] (CVE-2015-4700)\n\n - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] (CVE-2016-4580)\n\n - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] (CVE-2016-3140)\n\n - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet) [Orabug: 25682437] (CVE-2017-6345)", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4700", "CVE-2015-5707", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2017-2636", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2017-0058.NASL", "href": "https://www.tenable.com/plugins/nessus/99164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0058.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99164);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-4700\", \"CVE-2015-5707\", \"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-4580\", \"CVE-2016-7425\", \"CVE-2016-8399\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2017-2636\", \"CVE-2017-6345\", \"CVE-2017-7187\");\n script_bugtraq_id(75356);\n\n script_name(english:\"OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0058)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - RHEL: complement upstream workaround for CVE-2016-10142.\n (Quentin Casasnovas) [Orabug: 25765786] (CVE-2016-10142)\n (CVE-2016-10142)\n\n - net: ping: check minimum size on ICMP header length\n (Kees Cook) [Orabug: 25766914] (CVE-2016-8399)\n\n - ipv6: stop sending PTB packets for MTU < 1280 (Hagen\n Paul Pfeifer) [Orabug: 25765786] (CVE-2016-10142)\n\n - sg_write/bsg_write is not fit to be called under\n KERNEL_DS (Al Viro) [Orabug: 25765448] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter\n chang) [Orabug: 25752011] (CVE-2017-7187)\n\n - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander\n Popov) [Orabug: 25696689] (CVE-2017-2636)\n\n - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby)\n [Orabug: 25696689] (CVE-2017-2636)\n\n - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc\n (Fabian Frederick) [Orabug: 25696689] (CVE-2017-2636)\n\n - list: introduce list_first_entry_or_null (Jiri Pirko)\n [Orabug: 25696689] (CVE-2017-2636)\n\n - firewire: net: guard against rx buffer overflows (Stefan\n Richter) [Orabug: 25451538] (CVE-2016-8633)\n\n - x86/mm/32: Enable full randomization on i386 and X86_32\n (Hector Marco-Gisbert) [Orabug: 25463929]\n (CVE-2016-3672)\n\n - x86 get_unmapped_area: Access mmap_legacy_base through\n mm_struct member (Radu Caragea) [Orabug: 25463929]\n (CVE-2016-3672)\n\n - sg_start_req: make sure that there's not too many\n elements in iovec (Al Viro) [Orabug: 25490377]\n (CVE-2015-5707)\n\n - tcp: take care of truncations done by sk_filter (Eric\n Dumazet) [Orabug: 25507232] (CVE-2016-8645)\n\n - rose: limit sk_filter trim to payload (Willem de Bruijn)\n [Orabug: 25507232] (CVE-2016-8645)\n\n - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer\n (Dan Carpenter) [Orabug: 25507330] (CVE-2016-7425)\n\n - x86: bpf_jit: fix compilation of large bpf programs\n (Alexei Starovoitov) [Orabug: 25507375] (CVE-2015-4700)\n\n - net: fix a kernel infoleak in x25 module (Kangjie Lu)\n [Orabug: 25512417] (CVE-2016-4580)\n\n - USB: digi_acceleport: do sanity checking for the number\n of ports (Oliver Neukum) [Orabug: 25512472]\n (CVE-2016-3140)\n\n - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet)\n [Orabug: 25682437] (CVE-2017-6345)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000676.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?243735fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-2.6.39-400.294.6.el5uek\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-firmware-2.6.39-400.294.6.el5uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:33:44", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (J.\n Bruce Fields) [Orabug: 25986990] (CVE-2017-7895)\n\n - fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585]\n\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703]\n\n - xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703]\n\n - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki)\n\n - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug:\n 25549809]\n\n - ksplice: add sysctls for determining Ksplice features.\n (Jamie Iles) \n\n - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809]\n\n - VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug:\n 25559937]\n\n - VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937]\n\n - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469]\n\n - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] (CVE-2017-2583) (CVE-2017-2583)\n\n - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] (CVE-2016-10208)\n\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] (CVE-2017-5986)\n\n - tcp: avoid infinite loop in tcp_splice_read (Eric Dumazet) [Orabug: 25720813] (CVE-2017-6214)\n\n - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083]\n\n - USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] (CVE-2016-2782)\n\n - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] (CVE-2017-5669)\n\n - vhost: actually track log eventfd file (Marc-Andr&eacute Lureau) [Orabug: 25797052] (CVE-2015-6252)\n\n - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] (CVE-2017-7184)\n\n - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] (CVE-2017-7184)\n\n - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug:\n 25823962] (CVE-2017-2647) (CVE-2017-2647)\n\n - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] (CVE-2015-5257) (CVE-2015-5257)\n\n - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] (CVE-2015-9731)\n\n - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] (CVE-2016-10229)\n\n - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] (CVE-2016-7910)\n\n - Revert 'fix minor infoleak in get_user_ex' (Brian Maly) [Orabug: 25790392] (CVE-2016-9644)\n\n - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] (CVE-2016-8399)\n\n - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] (CVE-2016-10142)\n\n - sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] (CVE-2017-7187)", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5257", "CVE-2015-6252", "CVE-2015-9731", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-10208", "CVE-2016-10229", "CVE-2016-2782", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-9644", "CVE-2017-2583", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0105.NASL", "href": "https://www.tenable.com/plugins/nessus/100237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0105.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100237);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5257\", \"CVE-2015-6252\", \"CVE-2015-9731\", \"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-10208\", \"CVE-2016-10229\", \"CVE-2016-2782\", \"CVE-2016-7910\", \"CVE-2016-8399\", \"CVE-2016-9644\", \"CVE-2017-2583\", \"CVE-2017-2647\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-7184\", \"CVE-2017-7187\", \"CVE-2017-7895\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (J.\n Bruce Fields) [Orabug: 25986990] (CVE-2017-7895)\n\n - fnic: Update fnic driver version to 1.6.0.24 (John\n Sobecki) [Orabug: 24448585]\n\n - xen-netfront: Rework the fix for Rx stall during OOM and\n network stress (Dongli Zhang) [Orabug: 25450703]\n\n - xen-netfront: Fix Rx stall during network stress and OOM\n (Dongli Zhang) [Orabug: 25450703]\n\n - ipv6: Skip XFRM lookup if dst_entry in socket cache is\n valid (Jakub Sitnicki)\n\n - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug:\n 25549809]\n\n - ksplice: add sysctls for determining Ksplice features.\n (Jamie Iles) \n\n - signal: protect SIGNAL_UNKILLABLE from unintentional\n clearing. (Jamie Iles) [Orabug: 25549809]\n\n - VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug:\n 25559937]\n\n - VSOCK: sock_put wasn't safe to call in interrupt context\n (Dongli Zhang) [Orabug: 25559937]\n\n - IB/CORE: sync the resouce access in fmr_pool (Wengang\n Wang) [Orabug: 25677469]\n\n - KVM: x86: fix emulation of 'MOV SS, null selector'\n (Paolo Bonzini) [Orabug: 25719675] (CVE-2017-2583)\n (CVE-2017-2583)\n\n - ext4: validate s_first_meta_bg at mount time (Eryu Guan)\n [Orabug: 25719738] (CVE-2016-10208)\n\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo\n Ricardo Leitner) [Orabug: 25719810] (CVE-2017-5986)\n\n - tcp: avoid infinite loop in tcp_splice_read (Eric\n Dumazet) [Orabug: 25720813] (CVE-2017-6214)\n\n - lpfc cannot establish connection with targets that send\n PRLI under P2P mode (Joe Jin) [Orabug: 25759083]\n\n - USB: visor: fix null-deref at probe (Johan Hovold)\n [Orabug: 25796594] (CVE-2016-2782)\n\n - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr\n Bueso) [Orabug: 25797012] (CVE-2017-5669)\n\n - vhost: actually track log eventfd file\n (Marc-Andr&eacute Lureau) [Orabug: 25797052]\n (CVE-2015-6252)\n\n - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size\n harder (Andy Whitcroft) [Orabug: 25814663]\n (CVE-2017-7184)\n\n - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL\n replay_window (Andy Whitcroft) [Orabug: 25814663]\n (CVE-2017-7184)\n\n - KEYS: Remove key_type::match in favour of overriding\n default by match_preparse (Aniket Alshi) [Orabug:\n 25823962] (CVE-2017-2647) (CVE-2017-2647)\n\n - USB: whiteheat: fix potential null-deref at probe (Johan\n Hovold) [Orabug: 25825105] (CVE-2015-5257)\n (CVE-2015-5257)\n\n - udf: Check path length when reading symlink (Jan Kara)\n [Orabug: 25871102] (CVE-2015-9731)\n\n - udp: properly support MSG_PEEK with truncated buffers\n (Eric Dumazet) [Orabug: 25876655] (CVE-2016-10229)\n\n - block: fix use-after-free in seq file (Vegard Nossum)\n [Orabug: 25877530] (CVE-2016-7910)\n\n - Revert 'fix minor infoleak in get_user_ex' (Brian Maly)\n [Orabug: 25790392] (CVE-2016-9644)\n\n - net: ping: check minimum size on ICMP header length\n (Kees Cook) [Orabug: 25766911] (CVE-2016-8399)\n\n - ipv6: stop sending PTB packets for MTU < 1280 (Hagen\n Paul Pfeifer) [Orabug: 25765776] (CVE-2016-10142)\n\n - sg_write/bsg_write is not fit to be called under\n KERNEL_DS (Al Viro) [Orabug: 25765445] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter\n chang) [Orabug: 25751996] (CVE-2017-7187)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000727.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.18.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.18.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:26", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3535 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3535)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4700", "CVE-2015-5707", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9576", "CVE-2017-2636", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3535.NASL", "href": "https://www.tenable.com/plugins/nessus/99161", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3535.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99161);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-4700\",\n \"CVE-2015-5707\",\n \"CVE-2016-3140\",\n \"CVE-2016-3672\",\n \"CVE-2016-4580\",\n \"CVE-2016-7425\",\n \"CVE-2016-8399\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2017-2636\",\n \"CVE-2017-6345\",\n \"CVE-2017-7187\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3535)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-3535 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows\n local users to cause a denial of service (system crash) by creating a packet filter and then loading\n crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious\n application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n because it first requires compromising a privileged process and current compiler optimizations restrict\n access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications\n of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the\n generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of\n fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing\n fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed,\n unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to\n DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is\n communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain\n extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between\n Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU\n smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as\n required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received\n ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with\n extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS\n scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they\n implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the\n aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an\n attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message\n with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned\n routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause\n a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write\n function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2\n does not restrict a certain length field, which allows local users to gain privileges or cause a denial of\n service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does\n not properly initialize a certain data structure, which allows attackers to obtain sensitive information\n from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations,\n allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not\n properly randomize the legacy base address, which makes it easier for local users to defeat the intended\n restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or\n setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to\n cause a denial of service (system crash) via a crafted application that makes sendto system calls, related\n to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1\n allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in\n required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x\n before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a\n large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3535.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8399\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.294.6.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3535');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.6.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.294.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.294.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:34:09", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3566 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux- image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out- of-bounds read and system crash) via a crafted ext4 image. (CVE-2016-10208)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. (CVE-2015-6252)\n\n - The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (CVE-2017-2647)\n\n - drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320. (CVE-2015-5257)\n\n - The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. (CVE-2016-2782)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. (CVE-2017-5669)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5257", "CVE-2015-6252", "CVE-2015-8320", "CVE-2015-9731", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-10208", "CVE-2016-10229", "CVE-2016-2782", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-9644", "CVE-2017-2583", "CVE-2017-2647", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7895"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.18.2.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.18.2.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3566.NASL", "href": "https://www.tenable.com/plugins/nessus/100234", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3566.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100234);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-5257\",\n \"CVE-2015-6252\",\n \"CVE-2015-9731\",\n \"CVE-2016-2782\",\n \"CVE-2016-7910\",\n \"CVE-2016-8399\",\n \"CVE-2016-9644\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2016-10208\",\n \"CVE-2016-10229\",\n \"CVE-2017-2583\",\n \"CVE-2017-2647\",\n \"CVE-2017-5669\",\n \"CVE-2017-5986\",\n \"CVE-2017-6214\",\n \"CVE-2017-7184\",\n \"CVE-2017-7187\",\n \"CVE-2017-7895\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3566 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5\n improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial\n of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers\n to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the\n URG flag. (CVE-2017-6214)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not\n validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root\n privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN\n capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-\n image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly\n validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-\n of-bounds read and system crash) via a crafted ext4 image. (CVE-2016-10208)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11\n allows local users to cause a denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the\n end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have\n unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users\n to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers\n permanent file-descriptor allocation. (CVE-2015-6252)\n\n - The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial\n of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain\n match field, related to the keyring_search_iterator function in keyring.c. (CVE-2017-2647)\n\n - drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact\n via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the\n correct ID of CVE-2015-8320. (CVE-2015-5257)\n\n - The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically\n proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly\n have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in\n endpoint. (CVE-2016-2782)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address\n calculated by a certain rounding operation, which allows local users to map page zero, and consequently\n bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat\n system calls in a privileged context. (CVE-2017-5669)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3566.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.18.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.18.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.18.2.el6uek', '3.8.13-118.18.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3566');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.18.2.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.18.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.18.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.18.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.18.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.18.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.18.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.18.2.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.18.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.18.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.18.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.18.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.18.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.18.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.18.2.el6uek / dtrace-modules-3.8.13-118.18.2.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:26", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3534 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. (CVE-2015-8569)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-4700", "CVE-2015-5707", "CVE-2015-8569", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4580", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-9178", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-5970", "CVE-2017-6074", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3534.NASL", "href": "https://www.tenable.com/plugins/nessus/99160", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3534.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99160);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-7446\",\n \"CVE-2015-4700\",\n \"CVE-2015-5707\",\n \"CVE-2015-8569\",\n \"CVE-2016-3140\",\n \"CVE-2016-3672\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-4580\",\n \"CVE-2016-7425\",\n \"CVE-2016-8399\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-8646\",\n \"CVE-2016-9178\",\n \"CVE-2016-9588\",\n \"CVE-2016-9644\",\n \"CVE-2016-9793\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2017-2636\",\n \"CVE-2017-5970\",\n \"CVE-2017-6074\",\n \"CVE-2017-6345\",\n \"CVE-2017-7187\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3534 advisory.\n\n - The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows\n local users to cause a denial of service (system crash) by creating a packet filter and then loading\n crafted BPF instructions that trigger late convergence by the JIT compiler. (CVE-2015-4700)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious\n application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n because it first requires compromising a privileged process and current compiler optimizations restrict\n access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages.\n (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications\n of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the\n generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of\n fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing\n fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed,\n unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to\n DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is\n communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain\n extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between\n Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU\n smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as\n required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received\n ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with\n extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS\n scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they\n implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the\n aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an\n attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message\n with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned\n routers will themselves be the ones dropping their own traffic. (CVE-2016-10142)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause\n a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write\n function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by\n an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2\n does not restrict a certain length field, which allows local users to gain privileges or cause a denial of\n service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through\n 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted application. (CVE-2015-8569)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does\n not properly initialize a certain data structure, which allows attackers to obtain sensitive information\n from kernel stack memory via an X.25 Call Request. (CVE-2016-4580)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations,\n allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not\n properly randomize the legacy base address, which makes it easier for local users to defeat the intended\n restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or\n setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to\n cause a denial of service (system crash) via a crafted application that makes sendto system calls, related\n to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not\n initialize a certain integer variable, which allows local users to obtain sensitive information from\n kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1\n allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in\n required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows\n attackers to cause a denial of service (system crash) via (1) an application that makes crafted system\n calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x\n before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a\n large iov_count value in a write request. (CVE-2015-5707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3534.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8399\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.17.4.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.17.4.el6uek', '3.8.13-118.17.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3534');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.17.4.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.17.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.17.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.17.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.17.4.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.17.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.17.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.17.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.17.4.el6uek / dtrace-modules-3.8.13-118.17.4.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:23", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] (CVE-2015-1420)\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807]\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2016-4482", "CVE-2016-4485"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2017-0041.NASL", "href": "https://www.tenable.com/plugins/nessus/97120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0041.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97120);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-1420\", \"CVE-2016-4482\", \"CVE-2016-4485\");\n script_bugtraq_id(72357);\n\n script_name(english:\"OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0041)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - vfs: read file_handle only once in handle_to_path (Sasha\n Levin) [Orabug: 25388709] (CVE-2015-1420)\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417807]\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462763] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811]\n (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg\n (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue\n (Rainer Weikusat) [Orabug: 25464000] (CVE-2013-7446)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000649.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b560f546\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-2.6.39-400.294.2.el5uek\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-firmware-2.6.39-400.294.2.el5uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:41", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3516 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (CVE-2013-7446)\n\n - Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.\n (CVE-2015-1420)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3516)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-1420", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3516.NASL", "href": "https://www.tenable.com/plugins/nessus/97118", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3516.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97118);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-7446\",\n \"CVE-2015-1420\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\"\n );\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3516)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-3516 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to\n bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls. (CVE-2013-7446)\n\n - Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows\n local users to bypass intended size restrictions and trigger read operations on additional memory\n locations by changing the handle_bytes value of a file handle during the execution of this function.\n (CVE-2015-1420)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3516.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7446\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.294.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3516');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.294.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.294.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:44", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3539 advisory.\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. (CVE-2016-7910)\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)\n\n - The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. (CVE-2017-6347)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux- image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out- of-bounds read and system crash) via a crafted ext4 image. (CVE-2016-10208)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-2583", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6347", "CVE-2017-7184"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3539.NASL", "href": "https://www.tenable.com/plugins/nessus/99389", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3539.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99389);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-7910\",\n \"CVE-2016-10208\",\n \"CVE-2017-2583\",\n \"CVE-2017-5986\",\n \"CVE-2017-6214\",\n \"CVE-2017-6347\",\n \"CVE-2017-7184\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3539 advisory.\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before\n 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even\n if the corresponding start operation had failed. (CVE-2016-7910)\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5\n improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial\n of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers\n to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the\n URG flag. (CVE-2017-6214)\n\n - The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has\n incorrect expectations about skb data layout, which allows local users to cause a denial of service\n (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by\n use of the MSG_MORE flag in conjunction with loopback UDP transmission. (CVE-2017-6347)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not\n validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root\n privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN\n capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-\n image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly\n validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-\n of-bounds read and system crash) via a crafted ext4 image. (CVE-2016-10208)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11\n allows local users to cause a denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3539.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7910\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.34.el6uek', '4.1.12-61.1.34.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3539');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.34.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.34.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.34.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.34.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.34.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.34.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.34.el6uek / dtrace-modules-4.1.12-61.1.34.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:25", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.(CVE-2017-2636)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2636", "CVE-2017-5669", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1057.NASL", "href": "https://www.tenable.com/plugins/nessus/99902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99902);\n script_version(\"1.42\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-2636\",\n \"CVE-2017-5669\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6348\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel before 4.9.11 allows remote attackers to\n cause a denial of service (infinite loop and soft\n lockup) via vectors involving a TCP packet with the URG\n flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel\n through 4.9.12 does not restrict the address calculated\n by a certain rounding operation, which allows local\n users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system\n call, by making crafted shmget and shmat system calls\n in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in\n the Linux kernel before 4.9.13 improperly manages lock\n dropping, which allows local users to cause a denial of\n service (deadlock) via crafted operations on IrDA\n devices.(CVE-2017-6348)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free)\n by setting the HDLC line discipline.(CVE-2017-2636)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1057\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d80be91\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.48.1.121\",\n \"kernel-debug-3.10.0-229.48.1.121\",\n \"kernel-debuginfo-3.10.0-229.48.1.121\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.48.1.121\",\n \"kernel-devel-3.10.0-229.48.1.121\",\n \"kernel-headers-3.10.0-229.48.1.121\",\n \"kernel-tools-3.10.0-229.48.1.121\",\n \"kernel-tools-libs-3.10.0-229.48.1.121\",\n \"perf-3.10.0-229.48.1.121\",\n \"python-perf-3.10.0-229.48.1.121\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:44", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug:\n 25698171]\n\n - ksplice: add sysctls for determining Ksplice features.\n (Jamie Iles) \n\n - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171]\n\n - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719659] (CVE-2017-2583) (CVE-2017-2583)\n\n - ext4: store checksum seed in superblock (Darrick J.\n Wong) [Orabug: 25719728] (CVE-2016-10208)\n\n - ext4: reserve code points for the project quota feature (Theodore Ts'o) [Orabug: 25719728] (CVE-2016-10208)\n\n - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719728] (CVE-2016-10208)\n\n - ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25719728] (CVE-2016-10208)\n\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719793] (CVE-2017-5986)\n\n - tcp: avoid infinite loop in tcp_splice_read (Eric Dumazet) [Orabug: 25720805] (CVE-2017-6214)\n\n - ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug:\n 25720839] (CVE-2017-6347)\n\n - udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug:\n 25720839] (CVE-2017-6347)\n\n - udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839] (CVE-2017-6347)\n\n - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814641] (CVE-2017-7184)\n\n - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814641] (CVE-2017-7184)\n\n - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877509] (CVE-2016-7910)", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-2583", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6347", "CVE-2017-7184"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0062.NASL", "href": "https://www.tenable.com/plugins/nessus/99392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0062.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99392);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10208\", \"CVE-2016-7910\", \"CVE-2017-2583\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6347\", \"CVE-2017-7184\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0062)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug:\n 25698171]\n\n - ksplice: add sysctls for determining Ksplice features.\n (Jamie Iles) \n\n - signal: protect SIGNAL_UNKILLABLE from unintentional\n clearing. (Jamie Iles) [Orabug: 25698171]\n\n - KVM: x86: fix emulation of 'MOV SS, null selector'\n (Paolo Bonzini) [Orabug: 25719659] (CVE-2017-2583)\n (CVE-2017-2583)\n\n - ext4: store checksum seed in superblock (Darrick J.\n Wong) [Orabug: 25719728] (CVE-2016-10208)\n\n - ext4: reserve code points for the project quota feature\n (Theodore Ts'o) [Orabug: 25719728] (CVE-2016-10208)\n\n - ext4: validate s_first_meta_bg at mount time (Eryu Guan)\n [Orabug: 25719728] (CVE-2016-10208)\n\n - ext4: clean up feature test macros with predicate\n functions (Darrick J. Wong) [Orabug: 25719728]\n (CVE-2016-10208)\n\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo\n Ricardo Leitner) [Orabug: 25719793] (CVE-2017-5986)\n\n - tcp: avoid infinite loop in tcp_splice_read (Eric\n Dumazet) [Orabug: 25720805] (CVE-2017-6214)\n\n - ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug:\n 25720839] (CVE-2017-6347)\n\n - udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug:\n 25720839] (CVE-2017-6347)\n\n - udp: do not expect udp headers in recv cmsg\n IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839]\n (CVE-2017-6347)\n\n - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size\n harder (Andy Whitcroft) [Orabug: 25814641]\n (CVE-2017-7184)\n\n - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL\n replay_window (Andy Whitcroft) [Orabug: 25814641]\n (CVE-2017-7184)\n\n - block: fix use-after-free in seq file (Vegard Nossum)\n [Orabug: 25877509] (CVE-2016-7910)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000678.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d24288bf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.34.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.34.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:22", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3515 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (CVE-2013-7446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3515.NASL", "href": "https://www.tenable.com/plugins/nessus/97117", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3515.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97117);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-7446\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-8646\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3515)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3515 advisory.\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\n - Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to\n bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls. (CVE-2013-7446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3515.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7446\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.16.3.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.16.3.el6uek', '3.8.13-118.16.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3515');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.16.3.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.16.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.16.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.16.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.16.3.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.16.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.16.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.16.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.16.3.el6uek / dtrace-modules-3.8.13-118.16.3.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:51", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] (CVE-2016-10229)\n\n - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] (CVE-2016-7910)", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0061)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10229", "CVE-2016-7910"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2017-0061.NASL", "href": "https://www.tenable.com/plugins/nessus/99391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0061.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99391);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10229\", \"CVE-2016-7910\");\n\n script_name(english:\"OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0061)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - udp: properly support MSG_PEEK with truncated buffers\n (Eric Dumazet) [Orabug: 25874741] (CVE-2016-10229)\n\n - block: fix use-after-free in seq file (Vegard Nossum)\n [Orabug: 25877531] (CVE-2016-7910)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000677.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aae7407c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-2.6.39-400.294.7.el5uek\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"kernel-uek-firmware-2.6.39-400.294.7.el5uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:28:41", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)", "cvss3": {}, "published": "2017-02-13T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8646"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0040.NASL", "href": "https://www.tenable.com/plugins/nessus/97119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0040.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97119);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8646\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0040)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417805]\n (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462760] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807]\n (CVE-2016-4485)\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg\n (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)\n\n - unix: avoid use-after-free in ep_remove_wait_queue\n (Rainer Weikusat) [Orabug: 25463996] (CVE-2013-7446)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000648.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?995a591b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.16.3.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.16.3.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:12", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3538 advisory.\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. (CVE-2016-7910)\n\n - udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. (CVE-2016-10229)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3538)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10229", "CVE-2016-7910"], "modified": "2021-09-08T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek"], "id": "ORACLELINUX_ELSA-2017-3538.NASL", "href": "https://www.tenable.com/plugins/nessus/99388", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3538.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99388);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2016-7910\", \"CVE-2016-10229\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3538)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-3538 advisory.\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before\n 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even\n if the corresponding start operation had failed. (CVE-2016-7910)\n\n - udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic\n that triggers an unsafe second checksum calculation during execution of a recv system call with the\n MSG_PEEK flag. (CVE-2016-10229)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3538.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10229\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.294.7.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3538');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.294.7.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.294.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.7.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.294.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.7.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.294.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.7.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.294.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.294.7.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.294.7.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:31:28", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\n - CVE-2016-9588 Jim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM.\n\n - CVE-2017-2636 Alexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\n - CVE-2017-5669 Gareth Evans reported that privileged users can map memory at address 0 through the shmat() system call.\n This could make it easier to exploit other kernel security vulnerabilities via a set-UID program.\n\n - CVE-2017-5986 Alexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial-of-service (crash). The initial fix for this was incorrect and introduced further security issues ( CVE-2017-6353 ). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\n - CVE-2017-6214 Dmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call.\n This can be used by a remote attacker for denial-of-service (hang) against applications that read from TCP sockets with splice().\n\n - CVE-2017-6345 Andrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This can be used by a local user to cause a denial-of-service (crash). On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\n - CVE-2017-6346 Dmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial-of-service and possibly for privilege escalation.\n\n - CVE-2017-6348 Dmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial-of-service (deadlock) via crafted operations on IrDA devices.", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Debian DSA-3804-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9588", "CVE-2017-2636", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3804.NASL", "href": "https://www.tenable.com/plugins/nessus/97615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3804. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97615);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\");\n script_xref(name:\"DSA\", value:\"3804\");\n\n script_name(english:\"Debian DSA-3804-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\n - CVE-2016-9588\n Jim Mattson discovered that the KVM implementation for\n Intel x86 processors does not properly handle #BP and\n #OF exceptions in an L2 (nested) virtual machine. A\n local attacker in an L2 guest VM can take advantage of\n this flaw to cause a denial of service for the L1 guest\n VM.\n\n - CVE-2017-2636\n Alexander Popov discovered a race condition flaw in the\n n_hdlc line discipline that can lead to a double free. A\n local unprivileged user can take advantage of this flaw\n for privilege escalation. On systems that do not already\n have the n_hdlc module loaded, this can be mitigated by\n disabling it:echo >> /etc/modprobe.d/disable-n_hdlc.conf\n install n_hdlc false\n\n - CVE-2017-5669\n Gareth Evans reported that privileged users can map\n memory at address 0 through the shmat() system call.\n This could make it easier to exploit other kernel\n security vulnerabilities via a set-UID program.\n\n - CVE-2017-5986\n Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause\n a denial-of-service (crash). The initial fix for this\n was incorrect and introduced further security issues (\n CVE-2017-6353 ). This update includes a later fix that\n avoids those. On systems that do not already have the\n sctp module loaded, this can be mitigated by disabling\n it:echo >> /etc/modprobe.d/disable-sctp.conf install\n sctp false\n\n - CVE-2017-6214\n Dmitry Vyukov reported a bug in the TCP implementation's\n handling of urgent data in the splice() system call.\n This can be used by a remote attacker for\n denial-of-service (hang) against applications that read\n from TCP sockets with splice().\n\n - CVE-2017-6345\n Andrey Konovalov reported that the LLC type 2\n implementation incorrectly assigns socket buffer\n ownership. This can be used by a local user to cause a\n denial-of-service (crash). On systems that do not\n already have the llc2 module loaded, this can be\n mitigated by disabling it:echo >>\n /etc/modprobe.d/disable-llc2.conf install llc2 false\n\n - CVE-2017-6346\n Dmitry Vyukov reported a race condition in the raw\n packet (af_packet) fanout feature. Local users with the\n CAP_NET_RAW capability (in any user namespace) can use\n this for denial-of-service and possibly for privilege\n escalation.\n\n - CVE-2017-6348\n Dmitry Vyukov reported that the general queue\n implementation in the IrDA subsystem does not properly\n manage multiple locks, possibly allowing local users to\n cause a denial-of-service (deadlock) via crafted\n operations on IrDA devices.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-9588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3804\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.39-1+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:47", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\nCVE-2016-9588\n\nJim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM.\n\nCVE-2017-2636\n\nAlexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\nGareth Evans reported that privileged users can map memory at address 0 through the shmat() system call. This could make it easier to exploit other kernel security vulnerabilities via a set-UID program.\n\nCVE-2017-5986\n\nAlexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial of service (crash).\nThe initial fix for this was incorrect and introduced further security issues (CVE-2017-6353). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\nDmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call. This can be used by a remote attacker for denial of service (hang) against applications that read from TCP sockets with splice().\n\nCVE-2017-6345\n\nAndrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This might be usable by a local user to cause a denial of service (memory corruption or crash) or privilege escalation. On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\nDmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial of service and possibly for privilege escalation.\n\nCVE-2017-6348\n\nDmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.86-1.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-10T00:00:00", "type": "nessus", "title": "Debian DLA-849-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9588", "CVE-2017-2636", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-849.NASL", "href": "https://www.tenable.com/plugins/nessus/97640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-849-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97640);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\");\n\n script_name(english:\"Debian DLA-849-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\nJim Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an L2\n(nested) virtual machine. A local attacker in an L2 guest VM can take\nadvantage of this flaw to cause a denial of service for the L1 guest\nVM.\n\nCVE-2017-2636\n\nAlexander Popov discovered a race condition flaw in the n_hdlc line\ndiscipline that can lead to a double free. A local unprivileged user\ncan take advantage of this flaw for privilege escalation. On systems\nthat do not already have the n_hdlc module loaded, this can be\nmitigated by disabling it: echo >> /etc/modprobe.d/disable-n_hdlc.conf\ninstall n_hdlc false\n\nCVE-2017-5669\n\nGareth Evans reported that privileged users can map memory at address\n0 through the shmat() system call. This could make it easier to\nexploit other kernel security vulnerabilities via a set-UID program.\n\nCVE-2017-5986\n\nAlexander Popov reported a race condition in the SCTP implementation\nthat can be used by local users to cause a denial of service (crash).\nThe initial fix for this was incorrect and introduced further security\nissues (CVE-2017-6353). This update includes a later fix that avoids\nthose. On systems that do not already have the sctp module loaded,\nthis can be mitigated by disabling it: echo >>\n/etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\nDmitry Vyukov reported a bug in the TCP implementation's handling of\nurgent data in the splice() system call. This can be used by a remote\nattacker for denial of service (hang) against applications that read\nfrom TCP sockets with splice().\n\nCVE-2017-6345\n\nAndrey Konovalov reported that the LLC type 2 implementation\nincorrectly assigns socket buffer ownership. This might be usable by a\nlocal user to cause a denial of service (memory corruption or crash)\nor privilege escalation. On systems that do not already have the llc2\nmodule loaded, this can be mitigated by disabling it: echo >>\n/etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\nDmitry Vyukov reported a race condition in the raw packet (af_packet)\nfanout feature. Local users with the CAP_NET_RAW capability (in any\nuser namespace) can use this for denial of service and possibly for\nprivilege escalation.\n\nCVE-2017-6348\n\nDmitry Vyukov reported that the general queue implementation in the\nIrDA subsystem does not properly manage multiple locks, possibly\nallowing local users to cause a denial of service (deadlock) via\ncrafted operations on IrDA devices.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.86-1.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.86-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:33:25", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3565 advisory.\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3565)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10229", "CVE-2017-7895"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-94.3.4.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-94.3.4.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3565.NASL", "href": "https://www.tenable.com/plugins/nessus/100233", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3565.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100233);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2016-10229\", \"CVE-2017-7895\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3565)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2017-3565 advisory.\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the\n end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have\n unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3565.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-94.3.4.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-94.3.4.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-94.3.4.el6uek', '4.1.12-94.3.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3565');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-94.3.4.el6uek-0.6.0-4.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-94.3.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-94.3.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-94.3.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-94.3.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-94.3.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-94.3.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-94.3.4.el7uek-0.6.0-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-94.3.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-94.3.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-94.3.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-94.3.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-94.3.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-94.3.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-94.3.4.el6uek / dtrace-modules-4.1.12-94.3.4.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:34:00", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) \n\n - sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug:\n 26038830]\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (J.\n Bruce Fields) [Orabug: 25986971] (CVE-2017-7895)\n\n - sparc64: Detect DAX ra+pgsz when hvapi minor doesn't indicate it (Rob Gardner) [Orabug: 25997533]\n\n - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) \n\n - sparc64: Disable DAX flow control (Rob Gardner) [Orabug:\n 25997226]\n\n - sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137]\n\n - sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975]\n\n - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823]\n\n - sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823]\n\n - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823]\n\n - sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790]\n\n - sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747]\n\n - sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) \n\n - sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628]\n\n - sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546]\n\n - sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522]\n\n - sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475]\n\n - sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469]\n\n - megaraid: Fix unaligned warning (Allen Pais) [Orabug:\n 24817799]\n\n - Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25968572]\n\n - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) \n\n - NVMe: Set affinity after allocating request queues (Keith Busch) \n\n - nvme: use an integer value to Linux errno values (Christoph Hellwig) \n\n - blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25945973]\n\n - x86/apic: Handle zero vector gracefully in clear_vector_irq (Keith Busch) [Orabug: 24515998]\n\n - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 24819170]\n\n - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 24819170]\n\n - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25525433]\n\n - Btrfs: don't BUG_ON in btrfs_orphan_add (Josef Bacik) [Orabug: 25534945]\n\n - Btrfs: clarify do_chunk_alloc's return value (Liu Bo) [Orabug: 25534945]\n\n - btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25534945]\n\n - Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25721518]\n\n - qla2xxx: Allow vref count to timeout on vport delete.\n (Joe Carnuccio) [Orabug: 25862953]\n\n - Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25866691]\n\n - Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25866691]\n\n - Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25866691]\n\n - Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25866691]\n\n - Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) \n\n - Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data (Vitaly Kuznetsov)\n\n - Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25866691]\n\n - xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416]\n\n - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876652] (CVE-2016-10229)", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10229", "CVE-2017-7895"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0104.NASL", "href": "https://www.tenable.com/plugins/nessus/100236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0104.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100236);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10229\", \"CVE-2017-7895\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0104)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - ipv6: catch a null skb before using it in a DTRACE\n (Shannon Nelson) \n\n - sparc64: Do not retain old VM_SPARC_ADI flag when\n protection changes on page (Khalid Aziz) [Orabug:\n 26038830]\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (J.\n Bruce Fields) [Orabug: 25986971] (CVE-2017-7895)\n\n - sparc64: Detect DAX ra+pgsz when hvapi minor doesn't\n indicate it (Rob Gardner) [Orabug: 25997533]\n\n - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob\n Gardner) \n\n - sparc64: Disable DAX flow control (Rob Gardner) [Orabug:\n 25997226]\n\n - sparc64: DAX memory needs persistent mappings (Rob\n Gardner) [Orabug: 25997137]\n\n - sparc64: Fix incorrect error print in DAX driver when\n validating ccb (Sanath Kumar) [Orabug: 25996975]\n\n - sparc64: DAX request for non 4MB memory should return\n with unique errno (Sanath Kumar) [Orabug: 25996823]\n\n - sparc64: DAX request to mmap non 4MB memory should fail\n with a debug print (Sanath Kumar) [Orabug: 25996823]\n\n - sparc64: DAX request for non 4MB memory should return\n with unique errno (Sanath Kumar) [Orabug: 25996823]\n\n - sparc64: Incorrect print by DAX driver when old driver\n API is used (Sanath Kumar) [Orabug: 25996790]\n\n - sparc64: DAX request to dequeue half of a long CCB\n should not succeed (Sanath Kumar) [Orabug: 25996747]\n\n - sparc64: dax_overflow_check reports incorrect data\n (Sanath Kumar) \n\n - sparc64: Ignored DAX ref count causes lockup (Rob\n Gardner) [Orabug: 25996628]\n\n - sparc64: disable dax page range checking on RA (Rob\n Gardner) [Orabug: 25996546]\n\n - sparc64: Oracle Data Analytics Accelerator (DAX) driver\n (Sanath Kumar) [Orabug: 25996522]\n\n - sparc64: Add DAX hypervisor services (Allen Pais)\n [Orabug: 25996475]\n\n - sparc64: create/destroy cpu sysfs dynamically (Atish\n Patra) [Orabug: 21775890] [Orabug: 25216469]\n\n - megaraid: Fix unaligned warning (Allen Pais) [Orabug:\n 24817799]\n\n - Re-enable SDP for uek-nano kernel (Ashok Vairavan)\n [Orabug: 25968572]\n\n - xsigo: Compute node crash on FC failover (Pradeep\n Gopanapalli) \n\n - NVMe: Set affinity after allocating request queues\n (Keith Busch) \n\n - nvme: use an integer value to Linux errno values\n (Christoph Hellwig) \n\n - blk-mq: fix racy updates of rq->errors (Christoph\n Hellwig) [Orabug: 25945973]\n\n - x86/apic: Handle zero vector gracefully in\n clear_vector_irq (Keith Busch) [Orabug: 24515998]\n\n - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao)\n [Orabug: 24819170]\n\n - PCI: Prevent VPD access for buggy devices (Babu Moger)\n [Orabug: 24819170]\n\n - ipv6: Skip XFRM lookup if dst_entry in socket cache is\n valid (Jakub Sitnicki) [Orabug: 25525433]\n\n - Btrfs: don't BUG_ON in btrfs_orphan_add (Josef Bacik)\n [Orabug: 25534945]\n\n - Btrfs: clarify do_chunk_alloc's return value (Liu Bo)\n [Orabug: 25534945]\n\n - btrfs: flush_space: treat return value of do_chunk_alloc\n properly (Alex Lyakas) [Orabug: 25534945]\n\n - Revert '[SCSI] libiscsi: Reduce locking contention in\n fast path' (Ashish Samant) [Orabug: 25721518]\n\n - qla2xxx: Allow vref count to timeout on vport delete.\n (Joe Carnuccio) [Orabug: 25862953]\n\n - Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov)\n [Orabug: 25866691]\n\n - Drivers: hv: util: Pass the channel information during\n the init call (K. Y. Srinivasan) [Orabug: 25866691]\n\n - Drivers: hv: utils: run polling callback always in\n interrupt context (Olaf Hering) [Orabug: 25866691]\n\n - Drivers: hv: util: Increase the timeout for util\n services (K. Y. Srinivasan) [Orabug: 25866691]\n\n - Drivers: hv: kvp: check kzalloc return value (Vitaly\n Kuznetsov) \n\n - Drivers: hv: fcopy: dynamically allocate smsg_out in\n fcopy_send_data (Vitaly Kuznetsov)\n\n - Drivers: hv: vss: full handshake support (Vitaly\n Kuznetsov) [Orabug: 25866691]\n\n - xen: Make VPMU init message look less scary (Juergen\n Gross) [Orabug: 25873416]\n\n - udp: properly support MSG_PEEK with truncated buffers\n (Eric Dumazet) [Orabug: 25876652] (CVE-2016-10229)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000726.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-94.3.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-94.3.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:31:46", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug:\n 25790387] (CVE-2016-9644)\n\n - Revert 'fix minor infoleak in get_user_ex' (Brian Maly) [Orabug: 25790387] (CVE-2016-9644)\n\n - x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] (CVE-2016-9644)\n\n - rebuild bumping release\n\n - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] (CVE-2016-8399) (CVE-2016-8399)\n\n - sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] (CVE-2017-7187)\n\n - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] (CVE-2017-2636)\n\n - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] (CVE-2017-2636)\n\n - If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) \n\n - PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783]\n\n - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] (CVE-2016-8633)\n\n - usbnet: cleanup after bind in probe (Oliver Neukum) [Orabug: 25463898] (CVE-2016-3951)\n\n - cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bj&oslash rn Mork) [Orabug: 25463898] (CVE-2016-3951)\n\n - cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] (CVE-2016-3951)\n\n - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] (CVE-2016-3672)\n\n - kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] (CVE-2017-2596)\n\n - crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] (CVE-2016-10147)\n\n - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] (CVE-2016-9588)\n\n - KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Kr&#x10D m&aacute &#x159 ) [Orabug:\n 25507213] (CVE-2016-9756)\n\n - tcp: take care of truncations done by sk_filter (Eric Dumazet) [Orabug: 25507226] (CVE-2016-8645)\n\n - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] (CVE-2016-8645)\n\n - tipc: check minimum bearer MTU (Michal Kube&#x10D ek) [Orabug: 25507239] (CVE-2016-8632) (CVE-2016-8632)\n\n - fix minor infoleak in get_user_ex (Al Viro) [Orabug:\n 25507269] (CVE-2016-9178)\n\n - scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] (CVE-2016-7425)\n\n - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer (Dan Carpenter) [Orabug: 25507319] (CVE-2016-7425)\n\n - tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] (CVE-2016-7097) (CVE-2016-7097)\n\n - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] (CVE-2016-7097) (CVE-2016-7097)\n\n - ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] (CVE-2015-8952)\n\n - ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] (CVE-2015-8952)\n\n - mbcache2: reimplement mbcache (Jan Kara) [Orabug:\n 25512366] (CVE-2015-8952)\n\n - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] (CVE-2016-3140)\n\n - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet) [Orabug: 25682419] (CVE-2017-6345)\n\n - net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) \n\n - ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] (CVE-2017-5970)\n\n - perf/core: Fix concurrent sys_perf_event_open vs.\n 'move_group' race (Peter Zijlstra) [Orabug: 25698751] (CVE-2017-6001)\n\n - ip6_gre: fix ip6gre_err invalid reads (Eric Dumazet) [Orabug: 25699015] (CVE-2017-5897)\n\n - mpt3sas: Don't spam logs if logging level is 0 (Johannes Thumshirn) \n\n - xen-netfront: cast grant table reference first to type int (Dongli Zhang)\n\n - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8952", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9178", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9756", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0056.NASL", "href": "https://www.tenable.com/plugins/nessus/99162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0056.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99162);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-8952\", \"CVE-2016-10088\", \"CVE-2016-10147\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-7097\", \"CVE-2016-7425\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9178\", \"CVE-2016-9588\", \"CVE-2016-9644\", \"CVE-2016-9756\", \"CVE-2017-2596\", \"CVE-2017-2636\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6345\", \"CVE-2017-7187\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Revert 'x86/mm: Expand the exception table logic to\n allow new handling options' (Brian Maly) [Orabug:\n 25790387] (CVE-2016-9644)\n\n - Revert 'fix minor infoleak in get_user_ex' (Brian Maly)\n [Orabug: 25790387] (CVE-2016-9644)\n\n - x86/mm: Expand the exception table logic to allow new\n handling options (Tony Luck) [Orabug: 25790387]\n (CVE-2016-9644)\n\n - rebuild bumping release\n\n - net: ping: check minimum size on ICMP header length\n (Kees Cook) [Orabug: 25766898] (CVE-2016-8399)\n (CVE-2016-8399)\n\n - sg_write/bsg_write is not fit to be called under\n KERNEL_DS (Al Viro) [Orabug: 25765436] (CVE-2016-10088)\n\n - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter\n chang) [Orabug: 25751984] (CVE-2017-7187)\n\n - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander\n Popov) [Orabug: 25696677] (CVE-2017-2636)\n\n - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby)\n [Orabug: 25696677] (CVE-2017-2636)\n\n - If Slot Status indicates changes in both Data Link Layer\n Status and Presence Detect, prioritize the Link status\n change. (Jack Vogel) \n\n - PCI: pciehp: Leave power indicator on when enabling\n already-enabled slot (Ashok Raj) [Orabug: 25353783]\n\n - firewire: net: guard against rx buffer overflows (Stefan\n Richter) [Orabug: 25451520] (CVE-2016-8633)\n\n - usbnet: cleanup after bind in probe (Oliver Neukum)\n [Orabug: 25463898] (CVE-2016-3951)\n\n - cdc_ncm: do not call usbnet_link_change from\n cdc_ncm_bind (Bj&oslash rn Mork) [Orabug: 25463898]\n (CVE-2016-3951)\n\n - cdc_ncm: Add support for moving NDP to end of NCM frame\n (Enrico Mioso) [Orabug: 25463898] (CVE-2016-3951)\n\n - x86/mm/32: Enable full randomization on i386 and X86_32\n (Hector Marco-Gisbert) [Orabug: 25463918]\n (CVE-2016-3672)\n\n - kvm: fix page struct leak in handle_vmon (Paolo Bonzini)\n [Orabug: 25507133] (CVE-2017-2596)\n\n - crypto: mcryptd - Check mcryptd algorithm compatibility\n (tim) [Orabug: 25507153] (CVE-2016-10147)\n\n - kvm: nVMX: Allow L1 to intercept software exceptions\n (#BP and #OF) (Jim Mattson) [Orabug: 25507188]\n (CVE-2016-9588)\n\n - KVM: x86: drop error recovery in em_jmp_far and\n em_ret_far (Radim Kr&#x10D m&aacute &#x159 ) [Orabug:\n 25507213] (CVE-2016-9756)\n\n - tcp: take care of truncations done by sk_filter (Eric\n Dumazet) [Orabug: 25507226] (CVE-2016-8645)\n\n - rose: limit sk_filter trim to payload (Willem de Bruijn)\n [Orabug: 25507226] (CVE-2016-8645)\n\n - tipc: check minimum bearer MTU (Michal Kube&#x10D ek)\n [Orabug: 25507239] (CVE-2016-8632) (CVE-2016-8632)\n\n - fix minor infoleak in get_user_ex (Al Viro) [Orabug:\n 25507269] (CVE-2016-9178)\n\n - scsi: arcmsr: Simplify user_len checking (Borislav\n Petkov) [Orabug: 25507319] (CVE-2016-7425)\n\n - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer\n (Dan Carpenter) [Orabug: 25507319] (CVE-2016-7425)\n\n - tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng)\n [Orabug: 25507341] (CVE-2016-7097) (CVE-2016-7097)\n\n - posix_acl: Clear SGID bit when setting file permissions\n (Jan Kara) [Orabug: 25507341] (CVE-2016-7097)\n (CVE-2016-7097)\n\n - ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366]\n (CVE-2015-8952)\n\n - ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366]\n (CVE-2015-8952)\n\n - mbcache2: reimplement mbcache (Jan Kara) [Orabug:\n 25512366] (CVE-2015-8952)\n\n - USB: digi_acceleport: do sanity checking for the number\n of ports (Oliver Neukum) [Orabug: 25512466]\n (CVE-2016-3140)\n\n - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet)\n [Orabug: 25682419] (CVE-2017-6345)\n\n - net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli\n Cohen) \n\n - ipv4: keep skb->dst around in presence of IP options\n (Eric Dumazet) [Orabug: 25698300] (CVE-2017-5970)\n\n - perf/core: Fix concurrent sys_perf_event_open vs.\n 'move_group' race (Peter Zijlstra) [Orabug: 25698751]\n (CVE-2017-6001)\n\n - ip6_gre: fix ip6gre_err invalid reads (Eric Dumazet)\n [Orabug: 25699015] (CVE-2017-5897)\n\n - mpt3sas: Don't spam logs if logging level is 0 (Johannes\n Thumshirn) \n\n - xen-netfront: cast grant table reference first to type\n int (Dongli Zhang)\n\n - xen-netfront: do not cast grant table reference to\n signed short (Dongli Zhang)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32b057e2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.33.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.33.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:31:50", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636.\n\nBug Fix(es) :\n\n* Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems. Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU. (BZ#1428106)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2017:0892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0892.NASL", "href": "https://www.tenable.com/plugins/nessus/99338", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0892. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99338);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-7910\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0892\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2017:0892)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file\nwhere a local attacker could manipulate memory in the put() function\npointer. This could lead to memory corruption and possible privileged\nescalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636.\n\nBug Fix(es) :\n\n* Previously, Chelsio firmware included an incorrectly-formatted\nfirmware bin file. As a consequence, the firmware could not be\nflashed. This update provides a firmware bin file that is formatted\ncorrectly. As a result, Chelsio firmware can now be flashed\nsuccessfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the\n/proc/stat file, spinlock overhead was generated on Non-Uniform Memory\nAccess (NUMA) systems. Consequently, a large amount of CPU was\nconsumed. With this update, the underlying source code has been fixed\nto avoid taking spinlock when the interrupt line does not exist. As a\nresult, the spinlock overhead is now generated less often, and\nmultiple simultaneous processes can now read /proc/stat without\nconsuming a large amount of CPU. (BZ#1428106)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-7910\", \"CVE-2017-2636\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:0892\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0892\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:11", "description": "Security Fix(es) :\n\n - A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.\n (CVE-2017-2636, Important)\n\n - A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation.\n (CVE-2016-7910, Moderate)\n\nBug Fix(es) :\n\n - Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully.\n\n - When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems.\n Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU.", "cvss3": {}, "published": "2017-04-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170411)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170411_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/99301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99301);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7910\", \"CVE-2017-2636\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170411)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A race condition flaw was found in the N_HLDC Linux\n kernel driver when accessing n_hdlc.tbuf list that can\n lead to double free. A local, unprivileged user able to\n set the HDLC line discipline on the tty device could use\n this flaw to increase their privileges on the system.\n (CVE-2017-2636, Important)\n\n - A flaw was found in the Linux kernel's implementation of\n seq_file where a local attacker could manipulate memory\n in the put() function pointer. This could lead to memory\n corruption and possible privileged escalation.\n (CVE-2016-7910, Moderate)\n\nBug Fix(es) :\n\n - Previously, Chelsio firmware included an\n incorrectly-formatted firmware bin file. As a\n consequence, the firmware could not be flashed. This\n update provides a firmware bin file that is formatted\n correctly. As a result, Chelsio firmware can now be\n flashed successfully.\n\n - When multiple simultaneous processes attempted to read\n from the /proc/stat file, spinlock overhead was\n generated on Non-Uniform Memory Access (NUMA) systems.\n Consequently, a large amount of CPU was consumed. With\n this update, the underlying source code has been fixed\n to avoid taking spinlock when the interrupt line does\n not exist. As a result, the spinlock overhead is now\n generated less often, and multiple simultaneous\n processes can now read /proc/stat without consuming a\n large amount of CPU.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=5983\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e794c66\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-696.1.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:10", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0892 advisory.\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. (CVE-2016-7910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2017-0892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-0892.NASL", "href": "https://www.tenable.com/plugins/nessus/99298", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-0892.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99298);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2016-7910\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0892\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2017-0892)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-0892 advisory.\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before\n 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even\n if the corresponding start operation had failed. (CVE-2016-7910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-0892.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7910\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-696.1.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-0892');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-696.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-696.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-696.1.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-696.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-696.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-696.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-696.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-696.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-696.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-696.1.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-696.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-696.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-696.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-696.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-696.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-696.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:36:00", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636.\n\nBug Fix(es) :\n\n* Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems. Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU. (BZ#1428106)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:kernel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-doc", "p-cpe:/a:virtuozzo:virtuozzo:kernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:kernel-headers", "p-cpe:/a:virtuozzo:virtuozzo:perf", "p-cpe:/a:virtuozzo:virtuozzo:python-perf", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-0892.NASL", "href": "https://www.tenable.com/plugins/nessus/101443", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101443);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-7910\",\n \"CVE-2017-2636\"\n );\n\n script_name(english:\"Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0892)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file\nwhere a local attacker could manipulate memory in the put() function\npointer. This could lead to memory corruption and possible privileged\nescalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636.\n\nBug Fix(es) :\n\n* Previously, Chelsio firmware included an incorrectly-formatted\nfirmware bin file. As a consequence, the firmware could not be\nflashed. This update provides a firmware bin file that is formatted\ncorrectly. As a result, Chelsio firmware can now be flashed\nsuccessfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the\n/proc/stat file, spinlock overhead was generated on Non-Uniform Memory\nAccess (NUMA) systems. Consequently, a large amount of CPU was\nconsumed. With this update, the underlying source code has been fixed\nto avoid taking spinlock when the interrupt line does not exist. As a\nresult, the spinlock overhead is now generated less often, and\nmultiple simultaneous processes can now read /proc/stat without\nconsuming a large amount of CPU. (BZ#1428106)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0892.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57610098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0892\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel / kernel-abi-whitelists / kernel-debug / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-2.6.32-696.1.1.vl6\",\n \"kernel-abi-whitelists-2.6.32-696.1.1.vl6\",\n \"kernel-debug-2.6.32-696.1.1.vl6\",\n \"kernel-debug-devel-2.6.32-696.1.1.vl6\",\n \"kernel-devel-2.6.32-696.1.1.vl6\",\n \"kernel-doc-2.6.32-696.1.1.vl6\",\n \"kernel-firmware-2.6.32-696.1.1.vl6\",\n \"kernel-headers-2.6.32-696.1.1.vl6\",\n \"perf-2.6.32-696.1.1.vl6\",\n \"python-perf-2.6.32-696.1.1.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:47", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636.\n\nBug Fix(es) :\n\n* Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems. Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU. (BZ#1428106)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2017:0892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-0892.NASL", "href": "https://www.tenable.com/plugins/nessus/99316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0892 and \n# CentOS Errata and Security Advisory 2017:0892 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99316);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7910\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0892\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2017:0892)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file\nwhere a local attacker could manipulate memory in the put() function\npointer. This could lead to memory corruption and possible privileged\nescalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636.\n\nBug Fix(es) :\n\n* Previously, Chelsio firmware included an incorrectly-formatted\nfirmware bin file. As a consequence, the firmware could not be\nflashed. This update provides a firmware bin file that is formatted\ncorrectly. As a result, Chelsio firmware can now be flashed\nsuccessfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the\n/proc/stat file, spinlock overhead was generated on Non-Uniform Memory\nAccess (NUMA) systems. Consequently, a large amount of CPU was\nconsumed. With this update, the underlying source code has been fixed\nto avoid taking spinlock when the interrupt line does not exist. As a\nresult, the spinlock overhead is now generated less often, and\nmultiple simultaneous processes can now read /proc/stat without\nconsuming a large amount of CPU. (BZ#1428106)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-April/022358.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05eb6652\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7910\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-696.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-696.1.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:03", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0006", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5986", "CVE-2017-6074"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0006_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121672", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0006. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121672);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2017-5986\", \"CVE-2017-6074\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0006\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-26.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6074\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-debuginfo-4.4.51-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:33:58", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.(CVE-2017-6001)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5669", "CVE-2017-6001", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1056.NASL", "href": "https://www.tenable.com/plugins/nessus/99901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99901);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5669\",\n \"CVE-2017-6001\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6348\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel before 4.9.11 allows remote attackers to\n cause a denial of service (infinite loop and soft\n lockup) via vectors involving a TCP packet with the URG\n flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel\n through 4.9.12 does not restrict the address calculated\n by a certain rounding operation, which allows local\n users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system\n call, by making crafted shmget and shmat system calls\n in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in\n the Linux kernel before 4.9.13 improperly manages lock\n dropping, which allows local users to cause a denial of\n service (deadlock) via crafted operations on IrDA\n devices.(CVE-2017-6348)\n\n - Race condition in kernel/events/core.c in the Linux\n kernel before 4.9.7 allows local users to gain\n privileges via a crafted application that makes\n concurrent perf_event_open system calls for moving a\n software group into a hardware context.(CVE-2017-6001)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1056\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56132594\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.44.58.28\",\n \"kernel-debug-3.10.0-327.44.58.28\",\n \"kernel-debug-devel-3.10.0-327.44.58.28\",\n \"kernel-devel-3.10.0-327.44.58.28\",\n \"kernel-headers-3.10.0-327.44.58.28\",\n \"kernel-tools-3.10.0-327.44.58.28\",\n \"kernel-tools-libs-3.10.0-327.44.58.28\",\n \"perf-3.10.0-327.44.58.28\",\n \"python-perf-3.10.0-327.44.58.28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:53", "description": "The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs :\n\n - CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0866-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2636", "CVE-2017-7184"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_69-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_69-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0866-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0866-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99092);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2636\", \"CVE-2017-7184\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0866-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to fix the following\nsecurity bugs :\n\n - CVE-2017-7184: The Linux kernel allowed local users to\n obtain root privileges or cause a denial of service\n (heap-based out-of-bounds access) via unspecified\n vectors, as demonstrated during a Pwn2Own competition at\n CanSecWest 2017 (bnc#1030573, bnc#1028372).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (double free) by setting\n the HDLC line discipline (bnc#1027565).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7184/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170866-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46b381da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-486=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-486=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-486=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_69-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_69-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_69-default-1-2.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_69-xen-1-2.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.69.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:31:37", "description": "The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs :\n\n - CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0864-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2636", "CVE-2017-7184"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0864-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0864-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99090);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2636\", \"CVE-2017-7184\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0864-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to fix the following\nsecurity bugs :\n\n - CVE-2017-7184: The Linux kernel allowed local users to\n obtain root privileges or cause a denial of service\n (heap-based out-of-bounds access) via unspecified\n vectors, as demonstrated during a Pwn2Own competition at\n CanSecWest 2017 (bnc#1030573, bnc#1028372).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (double free) by setting\n the HDLC line discipline (bnc#1027565).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7184/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170864-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27b1b7d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-487=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-487=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-487=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-487=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-487=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-487=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-487=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-487=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.49-92.14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.49-92.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:38:44", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3533 advisory.\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (CVE-2016-7097)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). (CVE-2016-10147)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. (CVE-2016-3951)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. (CVE-2017-2596)\n\n - arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2016-9756)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. (CVE-2016-8632)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.\n (CVE-2015-8952)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. (CVE-2017-6001)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. (CVE-2017-5897)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3533)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8952", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-6786", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9178", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9756", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3533.NASL", "href": "https://www.tenable.com/plugins/nessus/99159", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3533.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99159);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-8952\",\n \"CVE-2016-3140\",\n \"CVE-2016-3672\",\n \"CVE-2016-3951\",\n \"CVE-2016-7097\",\n \"CVE-2016-7425\",\n \"CVE-2016-8399\",\n \"CVE-2016-8632\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-9178\",\n \"CVE-2016-9588\",\n \"CVE-2016-9644\",\n \"CVE-2016-9756\",\n \"CVE-2016-10088\",\n \"CVE-2016-10147\",\n \"CVE-2017-2596\",\n \"CVE-2017-2636\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-6001\",\n \"CVE-2017-6345\",\n \"CVE-2017-7187\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3533)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3533 advisory.\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576. (CVE-2016-10088)\n\n - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr\n call, which allows local users to gain group privileges by leveraging the existence of a setgid program\n with restrictions on execute permissions. (CVE-2016-7097)\n\n - An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious\n application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n because it first requires compromising a privileged process and current compiler optimizations restrict\n access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935. (CVE-2016-8399)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause\n a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write\n function. (CVE-2017-7187)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)\n\n - crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL\n pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as\n demonstrated by mcryptd(md5). (CVE-2016-10147)\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by\n an L2 guest. (CVE-2016-9588)\n\n - The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2\n does not restrict a certain length field, which allows local users to gain privileges or cause a denial of\n service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. (CVE-2016-7425)\n\n - drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations,\n allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)\n\n - Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically\n proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact\n by inserting a USB device with an invalid USB descriptor. (CVE-2016-3951)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not\n properly randomize the legacy base address, which makes it easier for local users to defeat the intended\n restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or\n setgid program, by disabling stack-consumption resource limits. (CVE-2016-3672)\n\n - The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly\n emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of page references. (CVE-2017-2596)\n\n - arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in\n certain error cases, which allows local users to obtain sensitive information from kernel stack memory via\n a crafted application. (CVE-2016-9756)\n\n - The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to\n cause a denial of service (system crash) via a crafted application that makes sendto system calls, related\n to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)\n\n - The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the\n relationship between the minimum fragment length and the maximum packet size, which allows local users to\n gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN\n capability. (CVE-2016-8632)\n\n - The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not\n initialize a certain integer variable, which allows local users to obtain sensitive information from\n kernel stack memory by triggering failure of a get_user_ex call. (CVE-2016-9178)\n\n - The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6\n mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via\n filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.\n (CVE-2015-8952)\n\n - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1\n allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)\n\n - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in\n required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls. (CVE-2017-6345)\n\n - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows\n attackers to cause a denial of service (system crash) via (1) an application that makes crafted system\n calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain\n privileges via a crafted application that makes concurrent perf_event_open system calls for moving a\n software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for\n CVE-2016-6786. (CVE-2017-6001)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have\n unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds\n access. (CVE-2017-5897)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3533.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6001\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.33.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.33.el6uek', '4.1.12-61.1.33.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3533');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.33.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.33.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.33.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.33.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.33.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.33.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.33.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.33.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.33.el6uek / dtrace-modules-4.1.12-61.1.33.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:34:47", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO) devices with 'Hugepages' feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation.\n(BZ#1450856)", "cvss3": {}, "published": "2017-06-29T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2017:1615)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1615. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101101);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2017:1615)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature were used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger\nthan the total-pages counter (HugePages_Total) in the /proc/meminfo\nfile, and HugePages_Rsvd underflowed. With this update, the HugeTLB\nfeature of the Linux kernel has been fixed, and HugePages_Rsvd\nunderflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the\nNFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was\nsub-optimal. With this update, the restarting of the directory listing\nhappens less frequently. As a result, the performance of listing the\ndirectory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed\nto reboot. This update fixes the qla2xxx driver, and FCoE adapter now\nreboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the\nQEMU process occasionally terminated unexpectedly due to a failed VFIO\nDirect Memory Access (DMA) map request. This update fixes the vfio\ndriver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a\nkernel panic occurred on the little-endian variant of IBM Power\nSystems. This update fixes lpfc, and the kernel no longer panics in\nthe described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO)\ndevices with 'Hugepages' feature enabled, errors in Direct Memory\nAccess (DMA) page table entry (PTE) mappings occurred, and QEMU memory\nusage behaved unpredictably. This update fixes range computation when\nmaking room for large pages in Input/Output Memory Management Unit\n(IOMMU). As a result, errors in DMA PTE mappings no longer occur, and\nQEMU has a predictable memory usage in the described situation.\n(BZ#1450856)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3090941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7895\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:1615\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1615\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:35:08", "description": "Security Fix(es) :\n\n - A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS\n\n - 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important)\n\n - The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n - The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.\n (CVE-2017-2583, Moderate)\n\n - A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.\n (CVE-2017-6214, Moderate)\n\nBug Fix(es) :\n\n - Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs.\n\n - If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times. Consequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved.\n\n - The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected.\n\n - When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation.\n\n - When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation.\n\n - When creating or destroying a VM with Virtual Function I/O (VFIO) devices with 'Hugepages' feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation.", "cvss3": {}, "published": "2017-06-29T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20170628)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170628_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/101105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101105);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20170628)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way Linux kernel allocates heap\n memory to build the scattergather list from a fragment\n list(skb_shinfo(skb)->frag_list) in the socket\n buffer(skb_buff). The heap overflow occurred if\n 'MAX_SKB_FRAGS\n\n - 1' parameter and 'NETIF_F_FRAGLIST' feature were used\n together. A remote user or process could use this flaw\n to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important)\n\n - The NFS2/3 RPC client could send long arguments to the\n NFS server. These encoded arguments are stored in an\n array of memory pages, and accessed using pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array and cause an\n out-of-bounds memory access. A remote user or program\n could use this flaw to crash the kernel (denial of\n service). (CVE-2017-7645, Important)\n\n - The NFSv2 and NFSv3 server implementations in the Linux\n kernel through 4.10.13 lacked certain checks for the end\n of a buffer. A remote attacker could trigger a\n pointer-arithmetic error or possibly cause other\n unspecified impacts using crafted requests related to\n fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895,\n Important)\n\n - The Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register in\n long mode. A user or process inside a guest could use\n this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the guest.\n (CVE-2017-2583, Moderate)\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality could allow\n a remote attacker to force the kernel to enter a\n condition in which it could loop indefinitely.\n (CVE-2017-6214, Moderate)\n\nBug Fix(es) :\n\n - Previously, the reserved-pages counter (HugePages_Rsvd)\n was bigger than the total-pages counter\n (HugePages_Total) in the /proc/meminfo file, and\n HugePages_Rsvd underflowed. With this update, the\n HugeTLB feature of the Linux kernel has been fixed, and\n HugePages_Rsvd underflow no longer occurs.\n\n - If a directory on a NFS client was modified while being\n listed, the NFS client could restart the directory\n listing multiple times. Consequently, the performance of\n listing the directory was sub-optimal. With this update,\n the restarting of the directory listing happens less\n frequently. As a result, the performance of listing the\n directory while it is being modified has improved.\n\n - The Fibre Channel over Ethernet (FCoE) adapter in some\n cases failed to reboot. This update fixes the qla2xxx\n driver, and FCoE adapter now reboots as expected.\n\n - When a VM with Virtual Function I/O (VFIO) device was\n rebooted, the QEMU process occasionally terminated\n unexpectedly due to a failed VFIO Direct Memory Access\n (DMA) map request. This update fixes the vfio driver and\n QEMU no longer crashes in the described situation.\n\n - When the operating system was booted with the in-box\n lpfc driver, a kernel panic occurred on the\n little-endian variant of IBM Power Systems. This update\n fixes lpfc, and the kernel no longer panics in the\n described situation.\n\n - When creating or destroying a VM with Virtual Function\n I/O (VFIO) devices with 'Hugepages' feature enabled,\n errors in Direct Memory Access (DMA) page table entry\n (PTE) mappings occurred, and QEMU memory usage behaved\n unpredictably. This update fixes range computation when\n making room for large pages in Input/Output Memory\n Management Unit (IOMMU). As a result, errors in DMA PTE\n mappings no longer occur, and QEMU has a predictable\n memory usage in the described situation.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=6811\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d5e542\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:34:48", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO) devices with 'Hugepages' feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation.\n(BZ#1450856)", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2017:1615)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1615 and \n# CentOS Errata and Security Advisory 2017:1615 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101120);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2017:1615)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature were used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger\nthan the total-pages counter (HugePages_Total) in the /proc/meminfo\nfile, and HugePages_Rsvd underflowed. With this update, the HugeTLB\nfeature of the Linux kernel has been fixed, and HugePages_Rsvd\nunderflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the\nNFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was\nsub-optimal. With this update, the restarting of the directory listing\nhappens less frequently. As a result, the performance of listing the\ndirectory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed\nto reboot. This update fixes the qla2xxx driver, and FCoE adapter now\nreboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the\nQEMU process occasionally terminated unexpectedly due to a failed VFIO\nDirect Memory Access (DMA) map request. This update fixes the vfio\ndriver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a\nkernel panic occurred on the little-endian variant of IBM Power\nSystems. This update fixes lpfc, and the kernel no longer panics in\nthe described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO)\ndevices with 'Hugepages' feature enabled, errors in Direct Memory\nAccess (DMA) page table entry (PTE) mappings occurred, and QEMU memory\nusage behaved unpredictably. This update fixes range computation when\nmaking room for large pages in Input/Output Memory Management Unit\n(IOMMU). As a result, errors in DMA PTE mappings no longer occur, and\nQEMU has a predictable memory usage in the described situation.\n(BZ#1450856)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-June/022489.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?327ae90b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:34:52", "description": "The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs :\n\n - CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0865-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2636", "CVE-2017-7184"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0865-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99091", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0865-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99091);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2636\", \"CVE-2017-7184\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0865-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to fix the following\nsecurity bugs :\n\n - CVE-2017-7184: The Linux kernel allowed local users to\n obtain root privileges or cause a denial of service\n (heap-based out-of-bounds access) via unspecified\n vectors, as demonstrated during a Pwn2Own competition at\n CanSecWest 2017 (bnc#1030573, bnc#1028372).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (double free) by setting\n the HDLC line discipline (bnc#1027565).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7184/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170865-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a551b33\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2017-485=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-485=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-485=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-485=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-485=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-485=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.69-60.64.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.69-60.64.35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:45:46", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-16151 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. (CVE-2017-7477)\n\n - The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (CVE-2017-7645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ELSA-2017-1615-1: / kernel (ELSA-2017-16151)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-16151.NASL", "href": "https://www.tenable.com/plugins/nessus/180809", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-16151.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180809);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2017-2583\",\n \"CVE-2017-6214\",\n \"CVE-2017-7477\",\n \"CVE-2017-7645\",\n \"CVE-2017-7895\"\n );\n\n script_name(english:\"Oracle Linux 7 : ELSA-2017-1615-1: / kernel (ELSA-2017-16151)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-16151 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5\n improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial\n of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers\n to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the\n URG flag. (CVE-2017-6214)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the\n end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have\n unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through\n 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by\n leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to\n an error in the skb_to_sgvec function. (CVE-2017-7477)\n\n - The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers\n to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (CVE-2017-7645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-1615-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.26.1.0.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-16151');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-abi-whitelists-3.10.0-514.26.1.0.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:32:07", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly manages lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)

Description

Related