RHEL 7 : kernel-alt (RHSA-2020:0740)

2020-03-10T00:00:00

Description

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0740 advisory. - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805) - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "REDHAT-RHSA-2020-0740.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : kernel-alt (RHSA-2020:0740)", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0740 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2020-03-10T00:00:00", "modified": "2023-01-23T00:00:00", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "ADJACENT_NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 8.3}, "severity": "HIGH", "exploitabilityScore": 6.5, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/134361", "reporter": "This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3460", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15030", "https://bugzilla.redhat.com/1759313", "https://access.redhat.com/security/cve/CVE-2019-17666", "https://access.redhat.com/security/cve/CVE-2019-15030", "https://access.redhat.com/security/cve/CVE-2018-16871", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15916", "https://bugzilla.redhat.com/1750813", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18805", "https://access.redhat.com/security/cve/CVE-2019-3460", "https://access.redhat.com/security/cve/CVE-2019-18805", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11884", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16871", "https://bugzilla.redhat.com/1663176", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3459", "https://bugzilla.redhat.com/1709837", "https://bugzilla.redhat.com/1655162", "https://access.redhat.com/security/cve/CVE-2019-3459", "https://bugzilla.redhat.com/1763690", "https://access.redhat.com/security/cve/CVE-2019-11884", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17666", "https://access.redhat.com/security/cve/CVE-2019-15916", "https://bugzilla.redhat.com/1663179", "https://access.redhat.com/errata/RHSA-2020:0740", "https://bugzilla.redhat.com/1771496"], "cvelist": ["CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460"], "immutableFields": [], "lastseen": "2023-01-26T14:36:17", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1201", "ALAS-2019-1214", "ALAS2-2019-1201", "ALAS2-2019-1214"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-01-01"]}, {"type": "archlinux", "idList": ["ASA-201911-10", "ASA-201911-11", "ASA-201911-12", "ASA-201911-9"]}, {"type": "centos", "idList": ["CESA-2019:1873", "CESA-2019:2029", "CESA-2020:0839", "CESA-2020:1016", "CESA-2020:1524"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:63AC599C6730C4293761CECD360AA195", "CFOUNDRY:80E5E37692FEC22672DA18E221852B5D", "CFOUNDRY:A9246B54233F05FAAFEBCA42A471540D", "CFOUNDRY:DAEEFC1E9FDBBF02A1D3ACCD6434010C", "CFOUNDRY:DF07D4C717AC736D9D7D72B02A5FA2CB", "CFOUNDRY:F1FD906C8A4009015525A4BE5BA37775"]}, {"type": "cve", "idList": ["CVE-2018-16871", "CVE-2019-11884", "CVE-2019-12983", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-1799-1:F9D71", "DEBIAN:DLA-1799-2:074DF", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2114-1:93D37", "DEBIAN:DSA-4465-1:304F1", "DEBIAN:DSA-4465-1:DDE47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16871", "DEBIANCVE:CVE-2019-11884", "DEBIANCVE:CVE-2019-15030", "DEBIANCVE:CVE-2019-15916", "DEBIANCVE:CVE-2019-17666", "DEBIANCVE:CVE-2019-18805", "DEBIANCVE:CVE-2019-3459", "DEBIANCVE:CVE-2019-3460"]}, {"type": "f5", "idList": ["F5:K15122200", "F5:K18657134", "F5:K56851402", "F5:K57418558", "F5:K85633044", "F5:K88125023"]}, {"type": "fedora", "idList": ["FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:07B5A6CB4421", "FEDORA:18B6A601B8F9", "FEDORA:1BD5B6389B47", "FEDORA:1CAC0608E6F2", "FEDORA:20DCB60779B2", "FEDORA:22D77604972B", "FEDORA:2836F613193B", "FEDORA:296826040AED", "FEDORA:2A66C608E6F2", "FEDORA:3266960F0E44", "FEDORA:344346042F3E", "FEDORA:3A3766C5B5A2", "FEDORA:3A69E60B3E88", "FEDORA:3AF72606FD79", "FEDORA:3C394606D98F", "FEDORA:4002B609954A", "FEDORA:41B546014626", "FEDORA:4CEF5610D7CA", "FEDORA:4CF35608BFEA", "FEDORA:4D5AD601FDAC", "FEDORA:4F21B6125E50", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:59E3F606D998", "FEDORA:5A4D662AE22C", "FEDORA:5B68260A5858", "FEDORA:5BC786077CC2", "FEDORA:690DE6022BA8", "FEDORA:6B66A6047312", "FEDORA:6B6B360567FC", "FEDORA:6E67663233DB", "FEDORA:754F860A98ED", "FEDORA:79EAC605FC25", "FEDORA:84A106014740", "FEDORA:84FBF6179A05", "FEDORA:85FBF6076011", "FEDORA:89C9C6051B3A", "FEDORA:8DEB0604D0FE", "FEDORA:9801060D30FA", "FEDORA:98E8F6079A11", "FEDORA:9E3D9606D195", "FEDORA:A2DF86040BC0", "FEDORA:B59DB604C870", "FEDORA:B87B460876BA", "FEDORA:BBFE360460D0", "FEDORA:BF5EC607125E", "FEDORA:C1EA6603ECEC", "FEDORA:C49D061F375F", "FEDORA:C4D496071279", "FEDORA:C63656040AE1", "FEDORA:C64AE6007F37", "FEDORA:C6AF860C4240", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:D3523607924A", "FEDORA:D7636602D4CE", "FEDORA:DBB1B659CBE0", "FEDORA:E37FD60924F1", "FEDORA:E88866014636", "FEDORA:E93AE6077DCD", "FEDORA:F02C560914F4", "FEDORA:F417F60477C5"]}, {"type": "ibm", "idList": ["22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "270E7F8D6C0BA0C052D17A0F1714E8401CE49A076E5AA43582D8DA42ACFE3121", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58", "E76CF6F7C58DE085B1D5F988B60566AC28A05EF3B19F25A856F2533F5B3684AE", "ED8A3D1B7861E9FADE2E56F3710C2F426BD0F046968D24A2807B0DBC778A1AA1", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "mageia", "idList": ["MGASA-2019-0306", "MGASA-2019-0333"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995515"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1201.NASL", "AL2_ALAS-2019-1214.NASL", "ALA_ALAS-2019-1201.NASL", "ALA_ALAS-2019-1214.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS8_RHSA-2020-0339.NASL", "CENTOS8_RHSA-2020-1372.NASL", "CENTOS8_RHSA-2020-1769.NASL", "CENTOS_RHSA-2019-1873.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2020-0839.NASL", "CENTOS_RHSA-2020-1016.NASL", "CENTOS_RHSA-2020-1524.NASL", "DEBIAN_DLA-1771.NASL", "DEBIAN_DLA-1799.NASL", "DEBIAN_DLA-1823.NASL", "DEBIAN_DLA-1824.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DLA-2114.NASL", "DEBIAN_DSA-4465.NASL", "EULEROS_SA-2019-1302.NASL", "EULEROS_SA-2019-1304.NASL", "EULEROS_SA-2019-1587.NASL", "EULEROS_SA-2019-1636.NASL", "EULEROS_SA-2019-1793.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-2068.NASL", "EULEROS_SA-2019-2081.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2309.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1056.NASL", "FEDORA_2019-509C133845.NASL", "FEDORA_2019-640F8D8DD1.NASL", "FEDORA_2019-6A67FF8793.NASL", "FEDORA_2019-C36AFA818C.NASL", "FEDORA_2019-E6BF55E821.NASL", "FEDORA_2019-F812C9FB22.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0043_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_10_10.NASL", "NUTANIX_NXSA-AOS-5_11_2_1.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_1.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_16_1_3.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_17_0_3.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "OPENSUSE-2019-140.NASL", "OPENSUSE-2019-1404.NASL", "OPENSUSE-2019-1407.NASL", "OPENSUSE-2019-1479.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "OPENSUSE-2019-203.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2392.NASL", "OPENSUSE-2019-2444.NASL", "OPENSUSE-2019-2503.NASL", "OPENSUSE-2019-2507.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2019-274.NASL", "ORACLELINUX_ELSA-2019-1873.NASL", "ORACLELINUX_ELSA-2019-4670.NASL", "ORACLELINUX_ELSA-2019-4672.NASL", "ORACLELINUX_ELSA-2019-4675.NASL", "ORACLELINUX_ELSA-2019-4685.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4836.NASL", "ORACLELINUX_ELSA-2019-4850.NASL", "ORACLELINUX_ELSA-2020-0339.NASL", "ORACLELINUX_ELSA-2020-0834.NASL", "ORACLELINUX_ELSA-2020-1372.NASL", "ORACLELINUX_ELSA-2020-1524.NASL", "ORACLELINUX_ELSA-2020-5532.NASL", "ORACLELINUX_ELSA-2020-5533.NASL", "ORACLELINUX_ELSA-2020-5535.NASL", "ORACLEVM_OVMSA-2019-0024.NASL", "ORACLEVM_OVMSA-2019-0056.NASL", "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "REDHAT-RHSA-2019-1873.NASL", "REDHAT-RHSA-2019-1891.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2020-0328.NASL", "REDHAT-RHSA-2020-0339.NASL", "REDHAT-RHSA-2020-0543.NASL", "REDHAT-RHSA-2020-0661.NASL", "REDHAT-RHSA-2020-0831.NASL", "REDHAT-RHSA-2020-0834.NASL", "REDHAT-RHSA-2020-0839.NASL", "REDHAT-RHSA-2020-1016.NASL", "REDHAT-RHSA-2020-1070.NASL", "REDHAT-RHSA-2020-1347.NASL", "REDHAT-RHSA-2020-1353.NASL", "REDHAT-RHSA-2020-1372.NASL", "REDHAT-RHSA-2020-1465.NASL", "REDHAT-RHSA-2020-1473.NASL", "REDHAT-RHSA-2020-1524.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2522.NASL", "REDHAT-RHSA-2020-2851.NASL", "SLACKWARE_SSA_2019-169-01.NASL", "SL_20190729_KERNEL_ON_SL7_X.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20200317_KERNEL_ON_SL7_X.NASL", "SL_20200407_KERNEL_ON_SL7_X.NASL", "SL_20200422_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-0541-1.NASL", "SUSE_SU-2019-0765-1.NASL", "SUSE_SU-2019-0767-1.NASL", "SUSE_SU-2019-0784-1.NASL", "SUSE_SU-2019-0901-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-14089-1.NASL", "SUSE_SU-2019-14127-1.NASL", "SUSE_SU-2019-1527-1.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1532-1.NASL", "SUSE_SU-2019-1533-1.NASL", "SUSE_SU-2019-1534-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1692-1.NASL", "SUSE_SU-2019-1744-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3371-1.NASL", "SUSE_SU-2019-3379-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-14354-1.NASL", "UBUNTU_USN-3930-1.NASL", "UBUNTU_USN-3930-2.NASL", "UBUNTU_USN-3931-1.NASL", "UBUNTU_USN-3931-2.NASL", "UBUNTU_USN-3932-1.NASL", "UBUNTU_USN-3932-2.NASL", "UBUNTU_USN-3933-1.NASL", "UBUNTU_USN-4068-1.NASL", "UBUNTU_USN-4068-2.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4076-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4135-1.NASL", "UBUNTU_USN-4183-1.NASL", "UBUNTU_USN-4183-2.NASL", "UBUNTU_USN-4184-1.NASL", "UBUNTU_USN-4184-2.NASL", "UBUNTU_USN-4185-1.NASL", "UBUNTU_USN-4185-3.NASL", "UBUNTU_USN-4186-1.NASL", "UBUNTU_USN-4186-3.NASL", "VIRTUOZZO_VZA-2019-064.NASL", "VIRTUOZZO_VZA-2019-068.NASL", "VIRTUOZZO_VZA-2020-037.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704465", "OPENVAS:1361412562310843951", "OPENVAS:1361412562310843952", "OPENVAS:1361412562310843953", "OPENVAS:1361412562310843954", "OPENVAS:1361412562310843957", "OPENVAS:1361412562310843959", "OPENVAS:1361412562310843960", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844103", "OPENVAS:1361412562310844104", "OPENVAS:1361412562310844111", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844182", "OPENVAS:1361412562310844230", "OPENVAS:1361412562310844231", "OPENVAS:1361412562310844233", "OPENVAS:1361412562310844234", "OPENVAS:1361412562310844235", "OPENVAS:1361412562310844236", "OPENVAS:1361412562310844274", "OPENVAS:1361412562310844277", "OPENVAS:1361412562310852274", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310852503", "OPENVAS:1361412562310852506", "OPENVAS:1361412562310852611", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852750", "OPENVAS:1361412562310852772", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852870", "OPENVAS:1361412562310852891", "OPENVAS:1361412562310852917", "OPENVAS:1361412562310852953", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310875413", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875628", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310875801", "OPENVAS:1361412562310875834", "OPENVAS:1361412562310875946", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876105", "OPENVAS:1361412562310876177", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876360", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876363", "OPENVAS:1361412562310876365", "OPENVAS:1361412562310876374", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876399", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876476", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876543", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876611", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876638", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877111", "OPENVAS:1361412562310877140", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310883095", "OPENVAS:1361412562310883210", "OPENVAS:1361412562310883220", "OPENVAS:1361412562310891771", "OPENVAS:1361412562310891799", "OPENVAS:1361412562310891823", "OPENVAS:1361412562310891824", "OPENVAS:1361412562310892068", "OPENVAS:1361412562310892114", "OPENVAS:1361412562311220191302", "OPENVAS:1361412562311220191304", "OPENVAS:1361412562311220191587", "OPENVAS:1361412562311220191636", "OPENVAS:1361412562311220191793", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220192068", "OPENVAS:1361412562311220192081", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201269", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201452"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1873", "ELSA-2019-2029", "ELSA-2019-3517", "ELSA-2019-4670", "ELSA-2019-4672", "ELSA-2019-4675", "ELSA-2019-4685", "ELSA-2019-4746", "ELSA-2019-4836", "ELSA-2019-4850", "ELSA-2020-0339", "ELSA-2020-0834", "ELSA-2020-1016", "ELSA-2020-1372", "ELSA-2020-1524", "ELSA-2020-1769", "ELSA-2020-5532", "ELSA-2020-5533", "ELSA-2020-5535"]}, {"type": "osv", "idList": ["OSV:DLA-1771-1", "OSV:DLA-1799-1", "OSV:DLA-1823-1", "OSV:DLA-1824-1", "OSV:DLA-2068-1", "OSV:DLA-2114-1", "OSV:DSA-4465-1"]}, {"type": "photon", "idList": ["PHSA-2019-0007", "PHSA-2019-0015", "PHSA-2019-0021", "PHSA-2019-0142", "PHSA-2019-0151", "PHSA-2019-0160", "PHSA-2019-0161", "PHSA-2019-0221", "PHSA-2019-0224", "PHSA-2019-0236", "PHSA-2019-0255", "PHSA-2019-1.0-0224", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0255", "PHSA-2019-2.0-0161", "PHSA-2019-3.0-0015"]}, {"type": "redhat", "idList": ["RHSA-2019:1873", "RHSA-2019:1891", "RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:2696", "RHSA-2019:2730", "RHSA-2019:3309", "RHSA-2019:3517", "RHSA-2020:0328", "RHSA-2020:0339", "RHSA-2020:0543", "RHSA-2020:0661", "RHSA-2020:0740", "RHSA-2020:0831", "RHSA-2020:0834", "RHSA-2020:0839", "RHSA-2020:1016", "RHSA-2020:1070", "RHSA-2020:1347", "RHSA-2020:1353", "RHSA-2020:1372", "RHSA-2020:1465", "RHSA-2020:1473", "RHSA-2020:1475", "RHSA-2020:1524", "RHSA-2020:1567", "RHSA-2020:1769", "RHSA-2020:2522", "RHSA-2020:2851"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-16871", "RH:CVE-2019-11884", "RH:CVE-2019-15030", "RH:CVE-2019-15916", "RH:CVE-2019-17666", "RH:CVE-2019-18805", "RH:CVE-2019-3459", "RH:CVE-2019-3460"]}, {"type": "slackware", "idList": ["SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:0140-1", "OPENSUSE-SU-2019:0203-1", "OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:1404-1", "OPENSUSE-SU-2019:1407-1", "OPENSUSE-SU-2019:1479-1", "OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2392-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2019:2503-1", "OPENSUSE-SU-2019:2507-1", "OPENSUSE-SU-2019:2675-1"]}, {"type": "symantec", "idList": ["SMNTC-110546", "SMNTC-110816"]}, {"type": "threatpost", "idList": ["THREATPOST:00D23B55537D30A2F2BE05DA9507449A", "THREATPOST:EA093948BFD7033F5C9DB5B3199BEED4"]}, {"type": "ubuntu", "idList": ["USN-3930-1", "USN-3930-2", "USN-3931-1", "USN-3931-2", "USN-3932-1", "USN-3932-2", "USN-3933-1", "USN-3933-2", "USN-4068-1", "USN-4068-2", "USN-4069-1", "USN-4069-2", "USN-4076-1", "USN-4118-1", "USN-4135-1", "USN-4135-2", "USN-4183-1", "USN-4183-2", "USN-4184-1", "USN-4184-2", "USN-4185-1", "USN-4185-3", "USN-4186-1", "USN-4186-2", "USN-4186-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16871", "UB:CVE-2019-11884", "UB:CVE-2019-15030", "UB:CVE-2019-15916", "UB:CVE-2019-17666", "UB:CVE-2019-18805", "UB:CVE-2019-3459", "UB:CVE-2019-3460"]}, {"type": "veracode", "idList": ["VERACODE:20974", "VERACODE:21067", "VERACODE:21068", "VERACODE:21822", "VERACODE:21915", "VERACODE:26900"]}, {"type": "virtuozzo", "idList": ["VZA-2019-064", "VZA-2019-068", "VZA-2020-036", "VZA-2020-037"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1201", "ALAS-2019-1214"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-01-01"]}, {"type": "archlinux", "idList": ["ASA-201911-10", "ASA-201911-11", "ASA-201911-9"]}, {"type": "centos", "idList": ["CESA-2019:1873", "CESA-2019:2029"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:63AC599C6730C4293761CECD360AA195", "CFOUNDRY:80E5E37692FEC22672DA18E221852B5D", "CFOUNDRY:DAEEFC1E9FDBBF02A1D3ACCD6434010C", "CFOUNDRY:DF07D4C717AC736D9D7D72B02A5FA2CB"]}, {"type": "cve", "idList": ["CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-3459", "CVE-2019-3460"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-1799-1:F9D71", "DEBIAN:DLA-1799-2:074DF", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-2114-1:93D37", "DEBIAN:DSA-4465-1:304F1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16871", "DEBIANCVE:CVE-2019-11884", "DEBIANCVE:CVE-2019-15030", "DEBIANCVE:CVE-2019-15916", "DEBIANCVE:CVE-2019-17666", "DEBIANCVE:CVE-2019-18805", "DEBIANCVE:CVE-2019-3459", "DEBIANCVE:CVE-2019-3460"]}, {"type": "f5", "idList": ["F5:K18657134", "F5:K57418558"]}, {"type": "fedora", "idList": ["FEDORA:20DCB60779B2", "FEDORA:22D77604972B", "FEDORA:296826040AED", "FEDORA:3266960F0E44", "FEDORA:41B546014626", "FEDORA:4CF35608BFEA", "FEDORA:4D5AD601FDAC", "FEDORA:5B68260A5858", "FEDORA:6B66A6047312", "FEDORA:6B6B360567FC", "FEDORA:84A106014740", "FEDORA:9E3D9606D195", "FEDORA:B59DB604C870", "FEDORA:BBFE360460D0", "FEDORA:C49D061F375F", "FEDORA:C64AE6007F37", "FEDORA:DBB1B659CBE0", "FEDORA:E88866014636", "FEDORA:E93AE6077DCD", "FEDORA:F417F60477C5"]}, {"type": "ibm", "idList": ["22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "270E7F8D6C0BA0C052D17A0F1714E8401CE49A076E5AA43582D8DA42ACFE3121", "E76CF6F7C58DE085B1D5F988B60566AC28A05EF3B19F25A856F2533F5B3684AE"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2018-16871/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995515"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1201.NASL", "AL2_ALAS-2019-1214.NASL", "ALA_ALAS-2019-1201.NASL", "ALA_ALAS-2019-1214.NASL", "CENTOS_RHSA-2019-1873.NASL", "CENTOS_RHSA-2019-2029.NASL", "DEBIAN_DLA-1771.NASL", "DEBIAN_DLA-1799.NASL", "DEBIAN_DLA-1823.NASL", "DEBIAN_DLA-1824.NASL", "DEBIAN_DLA-2114.NASL", "DEBIAN_DSA-4465.NASL", "EULEROS_SA-2019-1302.NASL", "EULEROS_SA-2019-1304.NASL", "EULEROS_SA-2019-1587.NASL", "EULEROS_SA-2019-1636.NASL", "EULEROS_SA-2019-1793.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-2068.NASL", "EULEROS_SA-2019-2081.NASL", "EULEROS_SA-2020-1197.NASL", "FEDORA_2019-509C133845.NASL", "FEDORA_2019-640F8D8DD1.NASL", "FEDORA_2019-6A67FF8793.NASL", "FEDORA_2019-C36AFA818C.NASL", "FEDORA_2019-E6BF55E821.NASL", "FEDORA_2019-F812C9FB22.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "OPENSUSE-2019-140.NASL", "OPENSUSE-2019-1404.NASL", "OPENSUSE-2019-1407.NASL", "OPENSUSE-2019-1479.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2392.NASL", "OPENSUSE-2019-274.NASL", "ORACLELINUX_ELSA-2019-1873.NASL", "ORACLELINUX_ELSA-2019-4670.NASL", "ORACLELINUX_ELSA-2019-4672.NASL", "ORACLELINUX_ELSA-2019-4675.NASL", "ORACLELINUX_ELSA-2019-4685.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "REDHAT-RHSA-2019-1873.NASL", "REDHAT-RHSA-2019-1891.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2020-0543.NASL", "REDHAT-RHSA-2020-0661.NASL", "REDHAT-RHSA-2020-0831.NASL", "REDHAT-RHSA-2020-0834.NASL", "REDHAT_REPOS.NASL", "SLACKWARE_SSA_2019-169-01.NASL", "SL_20190729_KERNEL_ON_SL7_X.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20200317_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-0541-1.NASL", "SUSE_SU-2019-0765-1.NASL", "SUSE_SU-2019-0767-1.NASL", "SUSE_SU-2019-0784-1.NASL", "SUSE_SU-2019-0901-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-1527-1.NASL", "SUSE_SU-2019-1529-1.NASL", "SUSE_SU-2019-1530-1.NASL", "SUSE_SU-2019-1532-1.NASL", "SUSE_SU-2019-1533-1.NASL", "SUSE_SU-2019-1534-1.NASL", "SUSE_SU-2019-1535-1.NASL", "SUSE_SU-2019-1536-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-1692-1.NASL", "SUSE_SU-2019-1744-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2879-1.NASL", "UBUNTU_USN-3930-1.NASL", "UBUNTU_USN-3930-2.NASL", "UBUNTU_USN-3931-1.NASL", "UBUNTU_USN-3931-2.NASL", "UBUNTU_USN-3932-1.NASL", "UBUNTU_USN-3932-2.NASL", "UBUNTU_USN-3933-1.NASL", "UBUNTU_USN-4068-1.NASL", "UBUNTU_USN-4068-2.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4076-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4135-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704465", "OPENVAS:1361412562310843951", "OPENVAS:1361412562310843952", "OPENVAS:1361412562310843953", "OPENVAS:1361412562310843954", "OPENVAS:1361412562310843957", "OPENVAS:1361412562310843959", "OPENVAS:1361412562310843960", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844103", "OPENVAS:1361412562310844104", "OPENVAS:1361412562310844111", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844182", "OPENVAS:1361412562310852274", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310852503", "OPENVAS:1361412562310852506", "OPENVAS:1361412562310852611", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852750", "OPENVAS:1361412562310875413", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875628", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310875801", "OPENVAS:1361412562310875834", "OPENVAS:1361412562310875946", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876105", "OPENVAS:1361412562310876177", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876360", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876363", "OPENVAS:1361412562310876365", "OPENVAS:1361412562310876374", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876399", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876476", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876489", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876515", "OPENVAS:1361412562310876543", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876611", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876638", "OPENVAS:1361412562310876653", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310883095", "OPENVAS:1361412562310891771", "OPENVAS:1361412562310891799", "OPENVAS:1361412562310891823", "OPENVAS:1361412562310891824", "OPENVAS:1361412562310892114", "OPENVAS:1361412562311220201197"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1873", "ELSA-2019-2029", "ELSA-2019-4746", "ELSA-2020-0834"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0224", "PHSA-2019-1.0-0236", "PHSA-2019-2.0-0161", "PHSA-2019-3.0-0015"]}, {"type": "redhat", "idList": ["RHSA-2020:0543"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-15916", "RH:CVE-2019-17666"]}, {"type": "slackware", "idList": ["SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:0140-1", "OPENSUSE-SU-2019:0203-1", "OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:1404-1", "OPENSUSE-SU-2019:1407-1", "OPENSUSE-SU-2019:1479-1", "OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2392-1", "OPENSUSE-SU-2019:2444-1"]}, {"type": "talos", "idList": ["SAP"]}, {"type": "threatpost", "idList": ["THREATPOST:EA093948BFD7033F5C9DB5B3199BEED4"]}, {"type": "ubuntu", "idList": ["USN-3930-1", "USN-3930-2", "USN-3931-1", "USN-3931-2", "USN-3932-1", "USN-3932-2", "USN-3933-1", "USN-3933-2", "USN-4068-1", "USN-4068-2", "USN-4069-1", "USN-4076-1", "USN-4118-1", "USN-4135-1", "USN-4135-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-15030", "UB:CVE-2019-15916", "UB:CVE-2019-17666", "UB:CVE-2019-18805"]}, {"type": "virtuozzo", "idList": ["VZA-2019-064", "VZA-2019-068"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2018-16871", "epss": "0.007780000", "percentile": "0.786080000", "modified": "2023-03-14"}, {"cve": "CVE-2019-11884", "epss": "0.000440000", "percentile": "0.082350000", "modified": "2023-03-14"}, {"cve": "CVE-2019-15030", "epss": "0.000420000", "percentile": "0.056350000", "modified": "2023-03-14"}, {"cve": "CVE-2019-15916", "epss": "0.008350000", "percentile": "0.794350000", "modified": "2023-03-14"}, {"cve": "CVE-2019-17666", "epss": "0.001360000", "percentile": "0.473220000", "modified": "2023-03-14"}, {"cve": "CVE-2019-18805", "epss": "0.003890000", "percentile": "0.690630000", "modified": "2023-03-14"}, {"cve": "CVE-2019-3459", "epss": "0.001230000", "percentile": "0.449180000", "modified": "2023-03-14"}, {"cve": "CVE-2019-3460", "epss": "0.001230000", "percentile": "0.449180000", "modified": "2023-03-14"}], "vulnersScore": 0.1}, "_state": {"dependencies": 1674744040, "score": 1674744219, "epss": 1678891487}, "_internal": {"score_hash": "3bb6283618a438a5b9ca0b06eb197d3b"}, "pluginID": "134361", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0740. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134361);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-11884\",\n \"CVE-2019-15030\",\n \"CVE-2019-15916\",\n \"CVE-2019-17666\",\n \"CVE-2019-18805\"\n );\n script_bugtraq_id(\n 106565,\n 107910,\n 108299,\n 108547\n );\n script_xref(name:\"RHSA\", value:\"2020:0740\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2020:0740)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0740 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable\n exception (CVE-2019-15030)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1655162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1663176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1663179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1750813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771496\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-abi-whitelists package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 190, 200, 400, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-16871', 'CVE-2019-3459', 'CVE-2019-3460', 'CVE-2019-11884', 'CVE-2019-15030', 'CVE-2019-15916', 'CVE-2019-17666', 'CVE-2019-18805');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0740');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-abi-whitelists-4.14.0-115.18.1.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-abi-whitelists');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*"], "solution": "Update the affected kernel-abi-whitelists package.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2019-17666", "vendor_cvss2": {"score": 8.3, "vector": "CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-03-09T00:00:00", "vulnerabilityPublicationDate": "2018-11-30T00:00:00", "exploitableWith": []}

{"redhat": [{"lastseen": "2021-10-19T20:40:23", "description": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n* kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)\n\n* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when connected to FC switch (BZ#1623205)\n\n* kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)\n\n* RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() (BZ#1711934)\n\n* Backport \"fs/dcache.c: add cond_resched() in shrink_dentry_list()\" (32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)\n\n* [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova address (BZ#1780500)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-09T13:16:17", "type": "redhat", "title": "(RHSA-2020:0740) Important: kernel-alt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460"], "modified": "2020-03-09T13:39:39", "id": "RHSA-2020:0740", "href": "https://access.redhat.com/errata/RHSA-2020:0740", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:36:26", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* port show-kabi to python3 (BZ#1806925)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-14T13:58:53", "type": "redhat", "title": "(RHSA-2020:1473) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17666"], "modified": "2020-04-14T14:15:28", "id": "RHSA-2020:1473", "href": "https://access.redhat.com/errata/RHSA-2020:1473", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:39:05", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-17T10:21:11", "type": "redhat", "title": "(RHSA-2020:0831) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14895", "CVE-2019-17666"], "modified": "2020-03-17T10:28:23", "id": "RHSA-2020:0831", "href": "https://access.redhat.com/errata/RHSA-2020:0831", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:37", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1810602)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-07T08:51:11", "type": "redhat", "title": "(RHSA-2020:1353) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14816", "CVE-2019-17666"], "modified": "2020-04-07T09:01:34", "id": "RHSA-2020:1353", "href": "https://access.redhat.com/errata/RHSA-2020:1353", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:39:06", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797965)\n\n* port show-kabi to python3 (BZ#1806926)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-07T08:31:19", "type": "redhat", "title": "(RHSA-2020:1347) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14816", "CVE-2019-17666"], "modified": "2020-04-07T08:46:02", "id": "RHSA-2020:1347", "href": "https://access.redhat.com/errata/RHSA-2020:1347", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:09", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n* kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-22T06:36:51", "type": "redhat", "title": "(RHSA-2020:1524) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000371", "CVE-2019-17666"], "modified": "2020-04-22T06:47:35", "id": "RHSA-2020:1524", "href": "https://access.redhat.com/errata/RHSA-2020:1524", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:36:48", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Slow console output with ast (Aspeed) graphics driver (BZ#1780146)\n\n* VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes (BZ#1781158)\n\n* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1795648)\n\n* System Crash on vport creation (NPIV on FCoE) (BZ#1796363)\n\n* A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames the directory (BZ#1796430)\n\n* [GSS] Can't access the mount point due to possible blocking of i/o on rbd (BZ#1796434)\n\n* [xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797966)\n\n* port show-kabi to python3 (BZ#1806928)\n\n* top shows super high loads when tuned profile realtime-virtual-host is applied (BZ#1808028)\n\nEnhancement(s):\n\n* scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show' (BZ#1791594)\n\n* [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1797503)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-14T14:34:17", "type": "redhat", "title": "(RHSA-2020:1465) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-17666", "CVE-2019-19338"], "modified": "2020-04-14T15:37:19", "id": "RHSA-2020:1465", "href": "https://access.redhat.com/errata/RHSA-2020:1465", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:55", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)\n\n* kernel: powerpc: local user can read vector registers of other users' processes via an interrupt (CVE-2019-15031)\n\n* kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n* kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [FJ8.1 Bug]: fs/devpts: always delete dcache dentry-s in dput() (BZ#1783959)\n\n* qla2xxx: call dma_free_coherent with correct size in all cases in qla24xx_sp_unmap (BZ#1788206)\n\n* qla2xxxx: Firmware update for Gen7 adapter could result in an unusable adapter (BZ#1790350)\n\n* s390/sclp: Fix bit checked for has_sipl (BZ#1791408)\n\n* RHEL8.1 - Error output for CPU-MF auxtrace data in perf: (BZ#1792198)\n\n* [FJ8.0 Bug]: [kernel]: using \"kexec -e\" to reboot A64FX system causes system panic during the boot of the 2nd kernel (BZ#1792200)\n\n* Fixup tlbie vs store ordering issue on POWER9 (BZ#1794058)\n\n* RHEL8.1 - qeth: add safeguards to RX data path (BZ#1794059)\n\n* RHEL8.1 - STC940:ZZ:Fleet:RHEL:LPM failed with no rmc connection during 6th iteration (ibmvnic) (BZ#1794060)\n\n* RHEL8.1 - disable trace-imc feature (perf:) (BZ#1794061)\n\n* [Broadcom RHEL8.2 FEAT]: megaraid_sas driver update request (BZ#1795335)\n\n* RHEL8.1 pre-Beta - [ FW940 ] [ zz P9 ] kdump fails when XIVE is enabled and dump is trigged from HMC. (BZ#1795337)\n\n* T10 DIF: OOM observed while running I/O (BZ#1795338)\n\n* backport fix for potential deadlock relative to snapshot COW throttling (BZ#1796490)\n\n* Neoverse n1 errata 1542419 \"Core may fetch stale instructions from memory and violate ordering\" (BZ#1797518)\n\n* [HPE 8.1 Bug] hpsa: bug fix for reset issue (BZ#1797519)\n\n* [HPE 8.0 BUG] System crash when reading /sys/block/<dm>/mq/0/cpu_list file (BZ#1797960)\n\n* kernel: T10 CRC not using hardware-accelerated version from crct10dif_pclmul (BZ#1797961)\n\n* [FJ8.1 Bug]: Dirty pages remain when write() returns ENOSPC. (BZ#1797962)\n\n* RHEL 8 - NVMe/FC Fabric Broadcom Autoconnect Script Fails to Reconnect after Controller Reset (BZ#1798381)\n\n* [RHEL8.2]: Chelsio crypto co-processor Driver (chcr) bugfixes (BZ#1798527)\n\n* [RHEL8.1][Snapshot-1]LUN discovery says unrecognized (BZ#1801216)\n\n* 8.2 snap2 kernel incorrectly signed in brew (BZ#1807231)", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-07T10:57:14", "type": "redhat", "title": "(RHSA-2020:1372) Moderate: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15030", "CVE-2019-15031", "CVE-2019-18660", "CVE-2019-19527"], "modified": "2020-05-13T12:54:36", "id": "RHSA-2020:1372", "href": "https://access.redhat.com/errata/RHSA-2020:1372", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:27", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update to the RHEL7.6.z batch#6 source tree (BZ#1718400)", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-29T12:49:37", "type": "redhat", "title": "(RHSA-2019:1891) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2019-07-29T14:26:59", "id": "RHSA-2019:1891", "href": "https://access.redhat.com/errata/RHSA-2019:1891", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:36:26", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s):\n\nThese updated kernel packages include also numerous bug fixes and add several enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/4309211", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-29T12:49:26", "type": "redhat", "title": "(RHSA-2019:1873) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2019-07-29T14:26:53", "id": "RHSA-2019:1873", "href": "https://access.redhat.com/errata/RHSA-2019:1873", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T22:40:10", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)\n\n* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n* kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)\n\n* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n* kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\n* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-05T17:28:43", "type": "redhat", "title": "(RHSA-2019:3309) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-10720"], "modified": "2020-05-28T03:05:41", "id": "RHSA-2019:3309", "href": "https://access.redhat.com/errata/RHSA-2019:3309", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:38:50", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL7.7 - default idle mishandles lazy irq state (BZ#1767620)\n\n* Sanitize MM backported code for RHEL7 (BZ#1768386)\n\n* A bio with a flush and write to an md device can be lost and never complete by the md layer (BZ#1773482)\n\n* [FJ7.7 Bug]: [REG] Read from /proc/net/if_inet6 never stop. (BZ#1778084)\n\n* RHEL7.7 - zfcp: fix reaction on bit error threshold notification (BZ#1778691)\n\n* RHEL7.7 Snapshot3 - Kernel Panic when running LTP mm test on s390x (BZ#1780035)\n\n* Leak in cachefiles driver (BZ#1780149)\n\n* VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes (BZ#1781159)\n\n* Allocation failure in md's r10buf_pool_alloc function leads to a crash from accessing uninitialized pointers (BZ#1781584)\n\n* [Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup (BZ#1783177)\n\n* A bnx2fc abort attempt doesn't timeout from miscalculation causing a huge timeout value (BZ#1784824)\n\n* scsi: libiscsi: fall back to sendmsg for slab pages (BZ#1784826)\n\n* RHEL7.7 - kernel: avoid cpu yield in SMT environment (BZ#1787558)\n\n* RHEL7.6 - kernel: jump label transformation performance (BZ#1787559)\n\n* drm radeon power management warning on VERDE cards (BZ#1789744)\n\n* Duplicate enum value in include/linux/blk_types.h (BZ#1791781)\n\n* [HPE 7.7 Bug] hpsa: bug fix for reset issue (BZ#1791782)\n\n* System Crash on vport creation (NPIV on FCoE) (BZ#1791825)\n\n* [Hyper-V][RHEL 7.8] Four Mellanox Patches needed for kernels that have that have SRIOV (BZ#1792371)\n\n* WARNING: CPU: 7 PID: 2049 at mm/slub.c:2296 ___slab_alloc+0x508/0x520 (BZ#1793086)\n\n* fio with ioengine=pmemblk on fsdax failed (BZ#1793088)\n\n* [HPE 7.7 Bug] hpsa: bug fixes (BZ#1793579)\n\n* perf top -p PID does not show anything (BZ#1793581)\n\n* Delay in RT task scheduled. Incorrect nr_scheduled value. (BZ#1796261)\n\n* A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames the directory (BZ#1796431)\n\n* ixgbevf interface goes down on hypervisor and causes outage (BZ#1796798)\n\n* Can't enable virt-ssbd on some AMD hosts (BZ#1797511)\n\n* [HPEMC 7.8 BUG] x86/boot/64: Avoid mapping reserved ranges in early page tables (BZ#1798163)\n\nEnhancement(s):\n\n* scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show' (BZ#1791595)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-17T13:09:43", "type": "redhat", "title": "(RHSA-2020:0834) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-11487", "CVE-2019-17666", "CVE-2019-19338"], "modified": "2020-03-17T14:52:05", "id": "RHSA-2020:0834", "href": "https://access.redhat.com/errata/RHSA-2020:0834", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:59", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)\n\n* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update to the RHEL7.7.z batch#5 source tree (BZ#1794131)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-17T13:09:52", "type": "redhat", "title": "(RHSA-2020:0839) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-11487", "CVE-2019-17666", "CVE-2019-19338"], "modified": "2020-03-17T14:52:06", "id": "RHSA-2020:0839", "href": "https://access.redhat.com/errata/RHSA-2020:0839", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:18", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* fragmented packets timing out (BZ#1729411)\n\n* kernel build: speed up debuginfo extraction (BZ#1731462)\n\n* TCP packets are segmented when sent to the VM (TAP) (BZ#1732744)\n\n* TCP packets are segmented when sent to the VLAN device when coming from VXLAN dev. (BZ#1732809)\n\n* skb head copy occurs when sending traffic over OVS managed VXLAN tunnel (BZ#1733626)\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734160)\n\n* use \"make -jN\" for modules_install (BZ#1735081)\n\n* shmem: consider shm_mnt as a long-term mount (BZ#1737376)\n\n* [ESXi][RHEL7]use-after-free of scsi_cmnd on VMWare virtual guest with vmw_pvscsi and ata_piix (BZ#1737377)\n\n* Backport TCP follow-up for small buffers (BZ#1739127)", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-10T10:02:41", "type": "redhat", "title": "(RHSA-2019:2696) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13405", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-9568", "CVE-2019-1125"], "modified": "2019-09-10T10:34:28", "id": "RHSA-2019:2696", "href": "https://access.redhat.com/errata/RHSA-2019:2696", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:36:09", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Backport TCP follow-up for small buffers [mrg-r] (BZ#1732110)\n\n* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1734469)", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-11T07:20:53", "type": "redhat", "title": "(RHSA-2019:2730) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13405", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-9568", "CVE-2019-1125"], "modified": "2019-09-11T07:25:22", "id": "RHSA-2019:2730", "href": "https://access.redhat.com/errata/RHSA-2019:2730", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-26T14:32:13", "description": "The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-17T00:00:00", "type": "nessus", "title": "Fedora 28 : kernel / kernel-headers (2019-509c133845)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3459", "CVE-2019-3460"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-509C133845.NASL", "href": "https://www.tenable.com/plugins/nessus/121217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-509c133845.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121217);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-3459\", \"CVE-2019-3460\");\n script_xref(name:\"FEDORA\", value:\"2019-509c133845\");\n\n script_name(english:\"Fedora 28 : kernel / kernel-headers (2019-509c133845)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-509c133845\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-3459\", \"CVE-2019-3460\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-509c133845\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-4.19.15-200.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-headers-4.19.15-200.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-25T14:21:46", "description": "The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-17T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers (2019-f812c9fb22)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3459", "CVE-2019-3460"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-F812C9FB22.NASL", "href": "https://www.tenable.com/plugins/nessus/121218", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-f812c9fb22.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121218);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-3459\", \"CVE-2019-3460\");\n script_xref(name:\"FEDORA\", value:\"2019-f812c9fb22\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers (2019-f812c9fb22)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The v4.19.15 stable update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f812c9fb22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-3459\", \"CVE-2019-3460\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-f812c9fb22\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-4.19.15-300.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-4.19.15-300.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T00:39:08", "description": "A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. (CVE-2019-3460)\n\nA bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. (CVE-2019-7308)\n\nA flaw was found in the Linux kernels implementation of Logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack.\nAn attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. (CVE-2019-3459)", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3459", "CVE-2019-3460", "CVE-2019-7308"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1201.NASL", "href": "https://www.tenable.com/plugins/nessus/124654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1201.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124654);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-7308\");\n script_xref(name:\"ALAS\", value:\"2019-1201\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1201)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's implementation of logical link\ncontrol and adaptation protocol (L2CAP), part of the Bluetooth stack\nin the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An\nattacker with physical access within the range of standard Bluetooth\ntransmission can create a specially crafted packet. The response to\nthis specially crafted packet can contain part of the kernel stack\nwhich can be used in a further attack. (CVE-2019-3460)\n\nA bypass was found for the Spectre v1 hardening in the eBPF engine of\nthe Linux kernel. The code in the kernel/bpf/verifier.c performs\nundesirable out-of-bounds speculation on pointer arithmetic in various\ncases, including cases of different branches with different state or\nlimits to sanitize, leading to side-channel attacks. (CVE-2019-7308)\n\nA flaw was found in the Linux kernels implementation of Logical link\ncontrol and adaptation protocol (L2CAP), part of the Bluetooth stack.\nAn attacker with physical access within the range of standard\nBluetooth transmission can create a specially crafted packet. The\nresponse to this specially crafted packet can contain part of the\nkernel stack which can be used in a further attack. (CVE-2019-3459)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1201.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7308\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.114-82.97.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.114-82.97.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-10-16T00:39:09", "description": "A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3460)\n\nA flaw was found in the Linux kernels implementation of Logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack.\nAn attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3459)\n\nA bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.(CVE-2019-7308)", "cvss3": {}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3459", "CVE-2019-3460", "CVE-2019-7308"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1201.NASL", "href": "https://www.tenable.com/plugins/nessus/124592", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1201.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124592);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-7308\");\n script_xref(name:\"ALAS\", value:\"2019-1201\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1201)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's implementation of logical link\ncontrol and adaptation protocol (L2CAP), part of the Bluetooth stack\nin the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An\nattacker with physical access within the range of standard Bluetooth\ntransmission can create a specially crafted packet. The response to\nthis specially crafted packet can contain part of the kernel stack\nwhich can be used in a further attack.(CVE-2019-3460)\n\nA flaw was found in the Linux kernels implementation of Logical link\ncontrol and adaptation protocol (L2CAP), part of the Bluetooth stack.\nAn attacker with physical access within the range of standard\nBluetooth transmission can create a specially crafted packet. The\nresponse to this specially crafted packet can contain part of the\nkernel stack which can be used in a further attack.(CVE-2019-3459)\n\nA bypass was found for the Spectre v1 hardening in the eBPF engine of\nthe Linux kernel. The code in the kernel/bpf/verifier.c performs\nundesirable out-of-bounds speculation on pointer arithmetic in various\ncases, including cases of different branches with different state or\nlimits to sanitize, leading to side-channel attacks.(CVE-2019-7308)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1201.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7308\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.114-103.97.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.114-103.97.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-03-16T14:25:15", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :\n\n - nfs: NULL pointer dereference due to an anomalized NFS message sequence. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-064)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-064.NASL", "href": "https://www.tenable.com/plugins/nessus/133457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133457);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-16871\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-064)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - nfs: NULL pointer dereference due to an anomalized NFS\n message sequence. An attacker, who is able to mount an\n exported NFS filesystem, is able to trigger a null\n pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server\n will be lost.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-064\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61420692\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.96.21\",\n \"patch\",\"readykernel-patch-96.21-85.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-03T14:15:17", "description": "The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5532 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5532)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15916"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5532.NASL", "href": "https://www.tenable.com/plugins/nessus/133663", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5532.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133663);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-15916\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5532)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5532 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5532.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15916\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.319.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5532');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.319.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.319.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.319.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.319.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:50:20", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive various bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-5391: Fixed a vulnerability, which allowed an attacker to cause a denial of service attack with low rates of packets targeting IP fragment re-assembly.\n (bsc#1103097)\n\n - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).\n\n - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nThe following non-security bugs were fixed :\n\n - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).\n\n - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382).\n\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).\n\n - Documentation/network: reword kernel version reference (bnc#1012382).\n\n - IB/core: type promotion bug in rdma_rw_init_one_mr() ().\n\n - IB/rxe: Fix incorrect cache cleanup in error flow ().\n\n - IB/rxe: replace kvfree with vfree ().\n\n - NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382).\n\n - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ).\n\n - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).\n\n - Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bnc#1012382).\n\n - Revert 'cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)' (bnc#1012382).\n\n - Revert 'exec: load_script: do not blindly truncate shebang string' (bnc#1012382).\n\n - Revert 'loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()' (bnc#1012382).\n\n - Revert 'loop: Fold __loop_release into loop_release' (bnc#1012382).\n\n - Revert 'loop: Get rid of loop_index_mutex' (bnc#1012382).\n\n - Revert 'mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).'\n\n - Revert most of 4.4.174 (kabi).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1125000).\n\n - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775).\n\n - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).\n\n - alpha: fix page fault handling for r16-r18 targets (bnc#1012382).\n\n - alsa: compress: Fix stop handling on compressed capture streams (bnc#1012382).\n\n - alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382).\n\n - alsa: hda - Serialize codec registrations (bnc#1012382).\n\n - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382).\n\n - arc: perf: map generic branches to correct hardware condition (bnc#1012382).\n\n - arm64: KVM: Skip MMIO insn after emulation (bnc#1012382).\n\n - arm64: ftrace: do not adjust the LR value (bnc#1012382).\n\n - arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382).\n\n - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382).\n\n - arm: OMAP2+: hwmod: Fix some section annotations (bnc#1012382).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382).\n\n - arm: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382).\n\n - arm: dts: da850-evm: Correct the sound card name (bnc#1012382).\n\n - arm: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382).\n\n - arm: dts: mmp2: fix TWSI2 (bnc#1012382).\n\n - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).\n\n - arm: pxa: avoid section mismatch warning (bnc#1012382).\n\n - batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382).\n\n - batman-adv: Force mac header to start of data on xmit (bnc#1012382).\n\n - bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382).\n\n - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).\n\n - can: bcm: check timer values before ktime conversion (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382).\n\n - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809).\n\n - char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382).\n\n - cifs: Always resolve hostname before reconnecting (bnc#1012382).\n\n - cifs: Do not count -ENODATA as failure for query directory (bnc#1012382).\n\n - cifs: Fix possible hang during async MTU reads and writes (bnc#1012382).\n\n - cifs: Limit memory used by lock request calls to a page (bnc#1012382).\n\n - cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382).\n\n - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382).\n\n - cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017).\n\n - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382).\n\n - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382).\n\n - dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382).\n\n - debugfs: fix debugfs_rename parameter checking (bnc#1012382).\n\n - dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382).\n\n - dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382).\n\n - dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382).\n\n - drbd: Avoid Clang warning about pointless switch statment (bnc#1012382).\n\n - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382).\n\n - drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382).\n\n - drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382).\n\n - drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382).\n\n - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).\n\n - drm/i915: Block fbdev HPD processing during suspend (bsc#1106929)\n\n - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929)\n\n - drm/modes: Prevent division by zero htotal (bnc#1012382).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1106929)\n\n - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929)\n\n - enic: fix checksum validation for IPv6 (bnc#1012382).\n\n - exec: load_script: do not blindly truncate shebang string (bnc#1012382).\n\n - f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382).\n\n - f2fs: move dir data flush to write checkpoint process (bnc#1012382).\n\n - f2fs: read page index before freeing (bnc#1012382).\n\n - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382).\n\n - fs/epoll: drop ovflist branch prediction (bnc#1012382).\n\n - fs: add the fsnotify call to vfs_iter_write (bnc#1012382).\n\n - fs: do not scan the inode cache before SB_BORN is set (bnc#1012382).\n\n - fs: fix lost error code in dio_complete (bsc#1117744).\n\n - fuse: call pipe_buf_release() under pipe lock (bnc#1012382).\n\n - fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382).\n\n - fuse: handle zero sized retrieve correctly (bnc#1012382).\n\n - futex: Fix (possible) missed wakeup (bsc#1050549).\n\n - gdrom: fix a memory leak bug (bnc#1012382).\n\n - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bnc#1012382).\n\n - gpio: pl061: handle failed allocations (bnc#1012382).\n\n - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)\n\n - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929)\n\n - hid: debug: fix the ring buffer implementation (bnc#1012382).\n\n - hid: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382).\n\n - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes).\n\n - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382).\n\n - hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382).\n\n - i2c-axxia: check for error conditions first (bnc#1012382).\n\n - igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382).\n\n - inet: frags: add a pointer to struct netns_frags (bnc#1012382).\n\n - inet: frags: better deal with smp races (bnc#1012382).\n\n - inet: frags: break the 2GB limit for frags storage (bnc#1012382).\n\n - inet: frags: change inet_frags_init_net() return value (bnc#1012382).\n\n - inet: frags: do not clone skb in ip_expire() (bnc#1012382).\n\n - inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382).\n\n - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382).\n\n - inet: frags: get rif of inet_frag_evicting() (bnc#1012382).\n\n - inet: frags: refactor ipfrag_init() (bnc#1012382).\n\n - inet: frags: refactor ipv6_frag_init() (bnc#1012382).\n\n - inet: frags: refactor lowpan_net_frag_init() (bnc#1012382).\n\n - inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382).\n\n - inet: frags: remove some helpers (bnc#1012382).\n\n - inet: frags: reorganize struct netns_frags (bnc#1012382).\n\n - inet: frags: use rhashtables for reassembly units (bnc#1012382).\n\n - input: bma150 - register input device after setting private data (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382).\n\n - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382).\n\n - input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382).\n\n - intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382).\n\n - ip: add helpers to process in-order fragments faster (bnc#1012382).\n\n - ip: frags: fix crash in ip_do_fragment() (bnc#1012382).\n\n - ip: process in-order fragments efficiently (bnc#1012382).\n\n - ip: use rb trees for IP frag queue (bnc#1012382).\n\n - ipfrag: really prevent allocation on netns exit (bnc#1012382).\n\n - ipv4: frags: precedence bug in ip_expire() (bnc#1012382).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382).\n\n - ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382).\n\n - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382).\n\n - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382).\n\n - kABI: protect linux/kfifo.h include in hid-debug (kabi).\n\n - kABI: protect struct hda_bus (kabi).\n\n - kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382).\n\n - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382).\n\n - kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382).\n\n - kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166).\n\n - kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166).\n\n - kvm: x86: Fix single-step debugging (bnc#1012382).\n\n - kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382).\n\n - l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382).\n\n - l2tp: fix reading optional fields of L2TPv3 (bnc#1012382).\n\n - l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382).\n\n - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810).\n\n - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811).\n\n - libnvdimm: Use max contiguous area for namespace size (bsc#1124780).\n\n - libnvdimm: fix ars_status output length calculation (bsc#1124777).\n\n - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).\n\n - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382).\n\n - mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382).\n\n - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382).\n\n - memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382).\n\n - mips: OCTEON: do not set octeon_dma_bar_type if PCI is disabled (bnc#1012382).\n\n - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds (bnc#1012382).\n\n - mips: bpf: fix encoding bug for mm_srlv32_op (bnc#1012382).\n\n - mips: cm: reprime error cause (bnc#1012382).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).\n\n - mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).\n\n - mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061).\n\n - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382).\n\n - modpost: validate symbol names also in find_elf_symbol (bnc#1012382).\n\n - mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382).\n\n - net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382).\n\n - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).\n\n - net: Fix usage of pskb_trim_rcsum (bnc#1012382).\n\n - net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#1012382).\n\n - net: dp83640: expire old TX-skb (bnc#1012382).\n\n - net: dsa: slave: Do not propagate flag changes on down slave interfaces (bnc#1012382).\n\n - net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382).\n\n - net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382).\n\n - net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382).\n\n - net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382 bsc#1116345).\n\n - net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc#1012382).\n\n - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382).\n\n - net: systemport: Fix WoL with password after deep sleep (bnc#1012382).\n\n - net_sched: refetch skb protocol for each filter (bnc#1012382).\n\n - netrom: switch to sock timer API (bnc#1012382).\n\n - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014).\n\n - nfs: nfs_compare_mount_options always compare auth flavors (bnc#1012382).\n\n - nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382).\n\n - niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382).\n\n - ocfs2: do not clear bh uptodate for block read (bnc#1012382).\n\n - openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382).\n\n - perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382).\n\n - perf tools: Add Hygon Dhyana support (bnc#1012382).\n\n - perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#1012382).\n\n - perf unwind: Unwind with libdw does not take symfs into account (bnc#1012382).\n\n - perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382).\n\n - perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382).\n\n - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).\n\n - pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382).\n\n - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810).\n\n - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382).\n\n - powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382).\n\n - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382).\n\n - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808).\n\n - rcu: Force boolean subscript for expedited stall warnings (bnc#1012382).\n\n - rhashtable: Add rhashtable_lookup() (bnc#1012382).\n\n - rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#1042286).\n\n - rhashtable: add schedule points (bnc#1012382).\n\n - rhashtable: reorganize struct rhashtable layout (bnc#1012382).\n\n - s390/early: improve machine detection (bnc#1012382).\n\n - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382).\n\n - s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382).\n\n - sata_rcar: fix deferred probing (bnc#1012382).\n\n - sched/wake_q: Document wake_q_add() (bsc#1050549).\n\n - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).\n\n - sched/wake_q: Reduce reference counting for special users (bsc#1050549).\n\n - scripts/decode_stacktrace: only strip base path when a prefix of the path (bnc#1012382).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes\n\n - scsi: lpfc: Correct LCB RJT handling (bnc#1012382).\n\n - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796).\n\n - scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108).\n\n - scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108).\n\n - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108).\n\n - scsi: mpt3sas: Add an I/O barrier (bsc#1117108).\n\n - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108).\n\n - scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and probe (bsc#1117108).\n\n - scsi: mpt3sas:\n Add-Task-management-debug-info-for-NVMe-drives (bsc#1117108).\n\n - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1117108).\n\n - scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#1117108).\n\n - scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108).\n\n - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1117108).\n\n - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).\n\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108).\n\n - scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108).\n\n - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108).\n\n - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108).\n\n - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108).\n\n - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108).\n\n - scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108).\n\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1117108).\n\n - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1117108).\n\n - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1117108).\n\n - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108).\n\n - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix indentation (bsc#1117108).\n\n - scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()' (bsc#1117108).\n\n - scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108).\n\n - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix sparse warnings (bsc#1117108).\n\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1117108).\n\n - scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108).\n\n - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108).\n\n - scsi: mpt3sas: Handle NVMe PCIe device related events generated from firmware (bsc#1117108).\n\n - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).\n\n - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1117108).\n\n - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1117108).\n\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1117108).\n\n - scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108).\n\n - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108).\n\n - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).\n\n - scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108).\n\n - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log info (bsc#1117108).\n\n - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108).\n\n - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108).\n\n - scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108).\n\n - scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108).\n\n - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).\n\n - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).\n\n - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1117108).\n\n - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#1117108).\n\n - scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108).\n\n - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108).\n\n - scsi: mpt3sas: Update MPI Headers (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '25.100.00.00' (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '26.100.00.00' (bsc#1117108).\n\n - scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108).\n\n - scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108).\n\n - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).\n\n - scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1117108).\n\n - scsi: mpt3sas: check command status before attempting abort (bsc#1117108).\n\n - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108).\n\n - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108).\n\n - scsi: mpt3sas: fix an out of bound write (bsc#1117108).\n\n - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108).\n\n - scsi: mpt3sas: fix format overflow warning (bsc#1117108).\n\n - scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1117108).\n\n - scsi: mpt3sas: fix possible memory leak (bsc#1117108).\n\n - scsi: mpt3sas: fix pr_info message continuation (bsc#1117108).\n\n - scsi: mpt3sas: fix spelling mistake: 'disbale' -> 'disable' (bsc#1117108).\n\n - scsi: mpt3sas: lockless command submission (bsc#1117108).\n\n - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108).\n\n - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108).\n\n - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant copy_from_user in\n _ctl_getiocinfo (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant wmb (bsc#1117108).\n\n - scsi: mpt3sas: scan and add nvme device after controller reset (bsc#1117108).\n\n - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108).\n\n - scsi: mpt3sas: set default value for cb_idx (bsc#1117108).\n\n - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108).\n\n - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108).\n\n - scsi: mpt3sas: simplify task management functions (bsc#1117108).\n\n - scsi: mpt3sas: switch to generic DMA API (bsc#1117108).\n\n - scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108).\n\n - scsi: mpt3sas: use list_splice_init() (bsc#1117108).\n\n - scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1117108).\n\n - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794).\n\n - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).\n\n - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355).\n\n - seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382).\n\n - serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#1012382).\n\n - signal: Always notice exiting tasks (bnc#1012382).\n\n - signal: Better detection of synchronous signals (bnc#1012382).\n\n - signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382).\n\n - skge: potential memory corruption in skge_get_regs() (bnc#1012382).\n\n - smack: fix access permissions for keyring (bnc#1012382).\n\n - smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382).\n\n - soc/tegra: Do not leak device tree node reference (bnc#1012382).\n\n - staging: iio: ad7780: update voltage on read (bnc#1012382).\n\n - staging: iio: adc: ad7280a: handle error from\n __ad7280_read32() (bnc#1012382).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382).\n\n - staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382).\n\n - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (bnc#1012382).\n\n - test_hexdump: use memcpy instead of strncpy (bnc#1012382).\n\n - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#1012382).\n\n - timekeeping: Use proper seqcount initializer (bnc#1012382).\n\n - tipc: use destination length for copy string (bnc#1012382).\n\n - tracing/uprobes: Fix output for multiple string arguments (bnc#1012382).\n\n - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).\n\n - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).\n\n - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).\n\n - tty/n_hdlc: fix __might_sleep warning (bnc#1012382).\n\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428).\n\n - tty: Handle problem if line discipline does not have receive_buf (bnc#1012382).\n\n - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).\n\n - tty: Simplify tty->count math in tty_reopen() (bnc#1105428).\n\n - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).\n\n - tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382).\n\n - ucc_geth: Reset BQL queue when stopping device (bnc#1012382).\n\n - udf: Fix BUG on corrupted inode (bnc#1012382).\n\n - um: Avoid marking pages with 'changed protection' (bnc#1012382).\n\n - usb: dwc2: Remove unnecessary kfree (bnc#1012382).\n\n - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382).\n\n - usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#1012382).\n\n - usb: phy: am335x: fix race condition in _probe (bnc#1012382).\n\n - usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382).\n\n - usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382).\n\n - video: clps711x-fb: release disp device node in probe() (bnc#1012382).\n\n - vt: invoke notifier on screen size change (bnc#1012382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bnc#1012382).\n\n - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#1012382).\n\n - x86/a.out: Clear the dump structure initially (bnc#1012382).\n\n - x86/fpu: Add might_fault() to user_insn() (bnc#1012382).\n\n - x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382).\n\n - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382).\n\n - x86/xen: dont add memory above max allowed allocation (bsc#1117645).\n\n - x86: respect memory size limiting via mem= parameter (bsc#1117645).\n\n - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382).\n\n - xfrm: refine validation of template and selector families (bnc#1012382).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-274)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5391", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-274.NASL", "href": "https://www.tenable.com/plugins/nessus/122578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-274.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122578);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-5391\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-274)\");\n script_summary(english:\"Check for the openSUSE-2019-274 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive\nvarious bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-5391: Fixed a vulnerability, which allowed an\n attacker to cause a denial of service attack with low\n rates of packets targeting IP fragment re-assembly.\n (bsc#1103097)\n\n - CVE-2019-7221: Fixed a user-after-free vulnerability in\n the KVM hypervisor related to the emulation of a\n preemption timer, allowing an guest user/process to\n crash the host kernel. (bsc#1124732).\n\n - CVE-2019-7222: Fixed an information leakage in the KVM\n hypervisor related to handling page fault exceptions,\n which allowed a guest user/process to use this flaw to\n leak the host's stack memory contents to a guest\n (bsc#1124735).\n\nThe following non-security bugs were fixed :\n\n - ASoC: Intel: mrfld: fix uninitialized variable access\n (bnc#1012382).\n\n - ASoC: atom: fix a missing check of\n snd_pcm_lib_malloc_pages (bnc#1012382).\n\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on\n i.MX8M (bnc#1012382).\n\n - Documentation/network: reword kernel version reference\n (bnc#1012382).\n\n - IB/core: type promotion bug in rdma_rw_init_one_mr() ().\n\n - IB/rxe: Fix incorrect cache cleanup in error flow ().\n\n - IB/rxe: replace kvfree with vfree ().\n\n - NFC: nxp-nci: Include unaligned.h instead of access_ok.h\n (bnc#1012382).\n\n - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413,\n ).\n\n - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq\n (bsc#1125446).\n\n - Revert 'Input: elan_i2c - add ACPI ID for touchpad in\n ASUS Aspire F5-573G' (bnc#1012382).\n\n - Revert 'cifs: In Kconfig CONFIG_CIFS_POSIX needs depends\n on legacy (insecure cifs)' (bnc#1012382).\n\n - Revert 'exec: load_script: do not blindly truncate\n shebang string' (bnc#1012382).\n\n - Revert 'loop: Fix double mutex_unlock(&loop_ctl_mutex)\n in loop_control_ioctl()' (bnc#1012382).\n\n - Revert 'loop: Fold __loop_release into loop_release'\n (bnc#1012382).\n\n - Revert 'loop: Get rid of loop_index_mutex'\n (bnc#1012382).\n\n - Revert 'mmc: bcm2835: Fix DMA channel leak on probe\n error (bsc#1120902).'\n\n - Revert most of 4.4.174 (kabi).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1125000).\n\n - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return\n a value (bsc#1124775).\n\n - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).\n\n - alpha: fix page fault handling for r16-r18 targets\n (bnc#1012382).\n\n - alsa: compress: Fix stop handling on compressed capture\n streams (bnc#1012382).\n\n - alsa: hda - Add quirk for HP EliteBook 840 G5\n (bnc#1012382).\n\n - alsa: hda - Serialize codec registrations (bnc#1012382).\n\n - alsa: usb-audio: Fix implicit fb endpoint setup by quirk\n (bnc#1012382).\n\n - arc: perf: map generic branches to correct hardware\n condition (bnc#1012382).\n\n - arm64: KVM: Skip MMIO insn after emulation\n (bnc#1012382).\n\n - arm64: ftrace: do not adjust the LR value (bnc#1012382).\n\n - arm64: hyp-stub: Forbid kprobing of the hyp-stub\n (bnc#1012382).\n\n - arm: 8808/1: kexec:offline panic_smp_self_stop CPU\n (bnc#1012382).\n\n - arm: OMAP2+: hwmod: Fix some section annotations\n (bnc#1012382).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers\n after alignment (bnc#1012382).\n\n - arm: dts: Fix OMAP4430 SDP Ethernet startup\n (bnc#1012382).\n\n - arm: dts: da850-evm: Correct the sound card name\n (bnc#1012382).\n\n - arm: dts: kirkwood: Fix polarity of GPIO fan lines\n (bnc#1012382).\n\n - arm: dts: mmp2: fix TWSI2 (bnc#1012382).\n\n - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).\n\n - arm: pxa: avoid section mismatch warning (bnc#1012382).\n\n - batman-adv: Avoid WARN on net_device without parent in\n netns (bnc#1012382).\n\n - batman-adv: Force mac header to start of data on xmit\n (bnc#1012382).\n\n - bluetooth: Fix unnecessary error message for HCI request\n completion (bnc#1012382).\n\n - bnxt_re: Fix couple of memory leaks that could lead to\n IOMMU call traces (bsc#1020413).\n\n - can: bcm: check timer values before ktime conversion\n (bnc#1012382).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for\n non-existing skb by removing it (bnc#1012382).\n\n - ceph: clear inode pointer when snap realm gets dropped\n by its inode (bsc#1125809).\n\n - char/mwave: fix potential Spectre v1 vulnerability\n (bnc#1012382).\n\n - cifs: Always resolve hostname before reconnecting\n (bnc#1012382).\n\n - cifs: Do not count -ENODATA as failure for query\n directory (bnc#1012382).\n\n - cifs: Fix possible hang during async MTU reads and\n writes (bnc#1012382).\n\n - cifs: Limit memory used by lock request calls to a page\n (bnc#1012382).\n\n - cifs: check ntwrk_buf_start for NULL before\n dereferencing it (bnc#1012382).\n\n - clk: imx6sl: ensure MMDC CH0 handshake is bypassed\n (bnc#1012382).\n\n - cpufreq: intel_pstate: Fix HWP on boot CPU after system\n resume (bsc#1120017).\n\n - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in cryp_set_dma_transfer\n (bnc#1012382).\n\n - crypto: ux500 - Use proper enum in hash_set_dma_transfer\n (bnc#1012382).\n\n - cw1200: Fix concurrency use-after-free bugs in\n cw1200_hw_scan() (bnc#1012382).\n\n - dccp: fool proof ccid_hc_[rt]x_parse_options()\n (bnc#1012382).\n\n - debugfs: fix debugfs_rename parameter checking\n (bnc#1012382).\n\n - dlm: Do not swamp the CPU with callbacks queued during\n recovery (bnc#1012382).\n\n - dm thin: fix bug where bio that overwrites thin block\n ignores FUA (bnc#1012382).\n\n - dmaengine: imx-dma: fix wrong callback invoke\n (bnc#1012382).\n\n - drbd: Avoid Clang warning about pointless switch\n statment (bnc#1012382).\n\n - drbd: disconnect, if the wrong UUIDs are attached on a\n connected peer (bnc#1012382).\n\n - drbd: narrow rcu_read_lock in drbd_sync_handshake\n (bnc#1012382).\n\n - drbd: skip spurious timeout (ping-timeo) when failing\n promote (bnc#1012382).\n\n - drivers: core: Remove glue dirs from sysfs earlier\n (bnc#1012382).\n\n - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).\n\n - drm/i915: Block fbdev HPD processing during suspend\n (bsc#1106929)\n\n - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with\n WC set (bsc#1106929)\n\n - drm/modes: Prevent division by zero htotal\n (bnc#1012382).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1106929)\n\n - drm/vmwgfx: Return error code from\n vmw_execbuf_copy_fence_user (bsc#1106929)\n\n - enic: fix checksum validation for IPv6 (bnc#1012382).\n\n - exec: load_script: do not blindly truncate shebang\n string (bnc#1012382).\n\n - f2fs: fix wrong return value of f2fs_acl_create\n (bnc#1012382).\n\n - f2fs: move dir data flush to write checkpoint process\n (bnc#1012382).\n\n - f2fs: read page index before freeing (bnc#1012382).\n\n - fs/dcache: Fix incorrect nr_dentry_unused accounting in\n shrink_dcache_sb() (bnc#1012382).\n\n - fs/epoll: drop ovflist branch prediction (bnc#1012382).\n\n - fs: add the fsnotify call to vfs_iter_write\n (bnc#1012382).\n\n - fs: do not scan the inode cache before SB_BORN is set\n (bnc#1012382).\n\n - fs: fix lost error code in dio_complete (bsc#1117744).\n\n - fuse: call pipe_buf_release() under pipe lock\n (bnc#1012382).\n\n - fuse: decrement NR_WRITEBACK_TEMP on the right page\n (bnc#1012382).\n\n - fuse: handle zero sized retrieve correctly\n (bnc#1012382).\n\n - futex: Fix (possible) missed wakeup (bsc#1050549).\n\n - gdrom: fix a memory leak bug (bnc#1012382).\n\n - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bnc#1012382).\n\n - gpio: pl061: handle failed allocations (bnc#1012382).\n\n - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)\n\n - gpu: ipu-v3: Fix i.MX51 CSI control registers offset\n (bsc#1106929)\n\n - hid: debug: fix the ring buffer implementation\n (bnc#1012382).\n\n - hid: lenovo: Add checks to fix of_led_classdev_register\n (bnc#1012382).\n\n - hwmon: (lm80) Fix missing unlock on error in\n set_fan_div() (git-fixes).\n\n - hwmon: (lm80) fix a missing check of bus read in lm80\n probe (bnc#1012382).\n\n - hwmon: (lm80) fix a missing check of the status of SMBus\n read (bnc#1012382).\n\n - i2c-axxia: check for error conditions first\n (bnc#1012382).\n\n - igb: Fix an issue that PME is not enabled during runtime\n suspend (bnc#1012382).\n\n - inet: frags: add a pointer to struct netns_frags\n (bnc#1012382).\n\n - inet: frags: better deal with smp races (bnc#1012382).\n\n - inet: frags: break the 2GB limit for frags storage\n (bnc#1012382).\n\n - inet: frags: change inet_frags_init_net() return value\n (bnc#1012382).\n\n - inet: frags: do not clone skb in ip_expire()\n (bnc#1012382).\n\n - inet: frags: fix ip6frag_low_thresh boundary\n (bnc#1012382).\n\n - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB\n (bnc#1012382).\n\n - inet: frags: get rif of inet_frag_evicting()\n (bnc#1012382).\n\n - inet: frags: refactor ipfrag_init() (bnc#1012382).\n\n - inet: frags: refactor ipv6_frag_init() (bnc#1012382).\n\n - inet: frags: refactor lowpan_net_frag_init()\n (bnc#1012382).\n\n - inet: frags: remove inet_frag_maybe_warn_overflow()\n (bnc#1012382).\n\n - inet: frags: remove some helpers (bnc#1012382).\n\n - inet: frags: reorganize struct netns_frags\n (bnc#1012382).\n\n - inet: frags: use rhashtables for reassembly units\n (bnc#1012382).\n\n - input: bma150 - register input device after setting\n private data (bnc#1012382).\n\n - input: elan_i2c - add ACPI ID for touchpad in Lenovo\n V330-15ISK (bnc#1012382).\n\n - input: elantech - enable 3rd button support on Fujitsu\n CELSIUS H780 (bnc#1012382).\n\n - input: xpad - add support for SteelSeries Stratus Duo\n (bnc#1012382).\n\n - intel_pstate: Update frequencies of policy->cpus only\n from ->set_policy() (bsc#1120017).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons\n pointer (bnc#1012382).\n\n - ip: add helpers to process in-order fragments faster\n (bnc#1012382).\n\n - ip: frags: fix crash in ip_do_fragment() (bnc#1012382).\n\n - ip: process in-order fragments efficiently\n (bnc#1012382).\n\n - ip: use rb trees for IP frag queue (bnc#1012382).\n\n - ipfrag: really prevent allocation on netns exit\n (bnc#1012382).\n\n - ipv4: frags: precedence bug in ip_expire()\n (bnc#1012382).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to\n an address (bnc#1012382).\n\n - ipv6: frags: rewrite ip6_expire_frag_queue()\n (bnc#1012382).\n\n - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on\n their size (bnc#1012382).\n\n - isdn: hisax: hfc_pci: Fix a possible concurrency\n use-after-free bug in HFCPCI_l1hw() (bnc#1012382).\n\n - kABI: protect linux/kfifo.h include in hid-debug (kabi).\n\n - kABI: protect struct hda_bus (kabi).\n\n - kaweth: use skb_cow_head() to deal with cloned skbs\n (bnc#1012382).\n\n - kernel/exit.c: release ptraced tasks before\n zap_pid_ns_processes (bnc#1012382).\n\n - kernel/hung_task.c: break RCU locks based on jiffies\n (bnc#1012382).\n\n - kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode()\n (bsc#1124166).\n\n - kvm: VMX: Missing part of upstream commit 904e14fb7cb9\n (bsc#1124166).\n\n - kvm: x86: Fix single-step debugging (bnc#1012382).\n\n - kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as\n unsupported (bnc#1012382).\n\n - l2tp: copy 4 more bytes to linear part if necessary\n (bnc#1012382).\n\n - l2tp: fix reading optional fields of L2TPv3\n (bnc#1012382).\n\n - l2tp: remove l2specific_len dependency in l2tp_core\n (bnc#1012382).\n\n - libceph: avoid KEEPALIVE_PENDING races in\n ceph_con_keepalive() (bsc#1125810).\n\n - libnvdimm, pfn: Pad pfn namespaces relative to other\n regions (bsc#1124811).\n\n - libnvdimm: Use max contiguous area for namespace size\n (bsc#1124780).\n\n - libnvdimm: fix ars_status output length calculation\n (bsc#1124777).\n\n - locking/rwsem: Fix (possible) missed wakeup\n (bsc#1050549).\n\n - mac80211: ensure that mgmt tx skbs have tailroom for\n encryption (bnc#1012382).\n\n - mac80211: fix radiotap vendor presence bitmap handling\n (bnc#1012382).\n\n - media: DaVinci-VPBE: fix error handling in\n vpbe_initialize() (bnc#1012382).\n\n - memstick: Prevent memstick host from getting runtime\n suspended during card detection (bnc#1012382).\n\n - mips: OCTEON: do not set octeon_dma_bar_type if PCI is\n disabled (bnc#1012382).\n\n - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds\n builds (bnc#1012382).\n\n - mips: bpf: fix encoding bug for mm_srlv32_op\n (bnc#1012382).\n\n - mips: cm: reprime error cause (bnc#1012382).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec()\n (bnc#1012382).\n\n - mm, oom: fix use-after-free in oom_kill_process\n (bnc#1012382).\n\n - mm, page_alloc: drop should_suppress_show_mem\n (bnc#1125892, bnc#1106061).\n\n - mm: migrate: do not rely on __PageMovable() of newpage\n after unlocking it (bnc#1012382).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error\n (bsc#1120902).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during\n probe (bnc#1012382).\n\n - modpost: validate symbol names also in find_elf_symbol\n (bnc#1012382).\n\n - mtd: rawnand: gpmi: fix MX28 bus master lockup problem\n (bnc#1012382).\n\n - net/mlx4_core: Add masking for a few queries on HCA caps\n (bnc#1012382).\n\n - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).\n\n - net: Fix usage of pskb_trim_rcsum (bnc#1012382).\n\n - net: bridge: Fix ethernet header pointer before check\n skb forwardable (bnc#1012382).\n\n - net: dp83640: expire old TX-skb (bnc#1012382).\n\n - net: dsa: slave: Do not propagate flag changes on down\n slave interfaces (bnc#1012382).\n\n - net: fix pskb_trim_rcsum_slow() with odd trim offset\n (bnc#1012382).\n\n - net: ieee802154: 6lowpan: fix frag reassembly\n (bnc#1012382).\n\n - net: ipv4: Fix memory leak in network namespace\n dismantle (bnc#1012382).\n\n - net: ipv4: do not handle duplicate fragments as\n overlapping (bnc#1012382 bsc#1116345).\n\n - net: modify skb_rbtree_purge to return the truesize of\n all purged skbs (bnc#1012382).\n\n - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends\n (bnc#1012382).\n\n - net: systemport: Fix WoL with password after deep sleep\n (bnc#1012382).\n\n - net_sched: refetch skb protocol for each filter\n (bnc#1012382).\n\n - netrom: switch to sock timer API (bnc#1012382).\n\n - nfit: fix unchecked dereference in acpi_nfit_ctl\n (bsc#1125014).\n\n - nfs: nfs_compare_mount_options always compare auth\n flavors (bnc#1012382).\n\n - nfsd4: fix crash on writing v4_end_grace before nfsd\n startup (bnc#1012382).\n\n - niu: fix missing checks of niu_pci_eeprom_read\n (bnc#1012382).\n\n - ocfs2: do not clear bh uptodate for block read\n (bnc#1012382).\n\n - openvswitch: Avoid OOB read when parsing flow nlattrs\n (bnc#1012382).\n\n - perf tests evsel-tp-sched: Fix bitwise operator\n (bnc#1012382).\n\n - perf tools: Add Hygon Dhyana support (bnc#1012382).\n\n - perf unwind: Take pgoff into account when reporting elf\n to libdwfl (bnc#1012382).\n\n - perf unwind: Unwind with libdw does not take symfs into\n account (bnc#1012382).\n\n - perf/core: Do not WARN() for impossible ring-buffer\n sizes (bnc#1012382).\n\n - perf/core: Fix impossible ring-buffer sizes warning\n (bnc#1012382).\n\n - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).\n\n - pinctrl: msm: fix gpio-hog related boot issues\n (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34\n scan codes (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK\n (bnc#1012382).\n\n - platform/x86: thinkpad_acpi: Proper model/release\n matching (bsc#1099810).\n\n - powerpc/pseries: add of_node_put() in\n dlpar_detach_node() (bnc#1012382).\n\n - powerpc/uaccess: fix warning/error with access_ok()\n (bnc#1012382).\n\n - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl\n (bnc#1012382).\n\n - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING\n is set (bsc#1125808).\n\n - rcu: Force boolean subscript for expedited stall\n warnings (bnc#1012382).\n\n - rhashtable: Add rhashtable_lookup() (bnc#1012382).\n\n - rhashtable: add rhashtable_lookup_get_insert_key()\n (bnc#1012382 bsc#1042286).\n\n - rhashtable: add schedule points (bnc#1012382).\n\n - rhashtable: reorganize struct rhashtable layout\n (bnc#1012382).\n\n - s390/early: improve machine detection (bnc#1012382).\n\n - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU\n (bnc#1012382).\n\n - s390/smp: fix CPU hotplug deadlock with CPU rescan\n (bnc#1012382).\n\n - sata_rcar: fix deferred probing (bnc#1012382).\n\n - sched/wake_q: Document wake_q_add() (bsc#1050549).\n\n - sched/wake_q: Fix wakeup ordering for wake_q\n (bsc#1050549).\n\n - sched/wake_q: Reduce reference counting for special\n users (bsc#1050549).\n\n - scripts/decode_stacktrace: only strip base path when a\n prefix of the path (bnc#1012382).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi\n 5.0/scsi-fixes\n\n - scsi: lpfc: Correct LCB RJT handling (bnc#1012382).\n\n - scsi: lpfc: Correct MDS diag and nvmet configuration\n (bsc#1125796).\n\n - scsi: mpt3sas: API 's to support NVMe drive addition to\n SML (bsc#1117108).\n\n - scsi: mpt3sas: API's to remove nvme drive from sml\n (bsc#1117108).\n\n - scsi: mpt3sas: Add PCI device ID for Andromeda\n (bsc#1117108).\n\n - scsi: mpt3sas: Add an I/O barrier (bsc#1117108).\n\n - scsi: mpt3sas: Add ioc_<level> logging macros\n (bsc#1117108).\n\n - scsi: mpt3sas: Add nvme device support in slave alloc,\n target alloc and probe (bsc#1117108).\n\n - scsi: mpt3sas:\n Add-Task-management-debug-info-for-NVMe-drives\n (bsc#1117108).\n\n - scsi: mpt3sas: Added support for SAS Device Discovery\n Error Event (bsc#1117108).\n\n - scsi: mpt3sas: Added support for nvme encapsulated\n request message (bsc#1117108).\n\n - scsi: mpt3sas: Adding support for SAS3616 HBA device\n (bsc#1117108).\n\n - scsi: mpt3sas: Allow processing of events during driver\n unload (bsc#1117108).\n\n - scsi: mpt3sas: Annotate switch/case fall-through\n (bsc#1117108).\n\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue\n for SAS3.5 controllers when HBA supports more than 16\n MSI-x vectors (bsc#1117108).\n\n - scsi: mpt3sas: Bug fix for big endian systems\n (bsc#1117108).\n\n - scsi: mpt3sas: Bump mpt3sas driver version to\n v16.100.00.00 (bsc#1117108).\n\n - scsi: mpt3sas: Cache enclosure pages during enclosure\n add (bsc#1117108).\n\n - scsi: mpt3sas: Configure reply post queue depth, DMA and\n sgl tablesize (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and\n reply_q_name to %s: (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT\n without logging levels (bsc#1117108).\n\n - scsi: mpt3sas: Convert mlsleading uses of pr_<level>\n with MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Convert uses of pr_<level> with\n MPT3SAS_FMT to ioc_<level> (bsc#1117108).\n\n - scsi: mpt3sas: Display chassis slot information of the\n drive (bsc#1117108).\n\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives\n while processing Async Broadcast primitive event\n (bsc#1117108).\n\n - scsi: mpt3sas: Do not access the structure after\n decrementing it's instance reference count\n (bsc#1117108).\n\n - scsi: mpt3sas: Do not use 32-bit atomic request\n descriptor for Ventura controllers (bsc#1117108).\n\n - scsi: mpt3sas: Enhanced handling of Sense Buffer\n (bsc#1117108).\n\n - scsi: mpt3sas: Fix a race condition in\n mpt3sas_base_hard_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Fix calltrace observed while running IO &\n reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix indentation (bsc#1117108).\n\n - scsi: mpt3sas: Fix memory allocation failure test in\n 'mpt3sas_base_attach()' (bsc#1117108).\n\n - scsi: mpt3sas: Fix nvme drives checking for tlr\n (bsc#1117108).\n\n - scsi: mpt3sas: Fix possibility of using invalid\n Enclosure Handle for SAS device after host reset\n (bsc#1117108).\n\n - scsi: mpt3sas: Fix removal and addition of vSES device\n during host reset (bsc#1117108).\n\n - scsi: mpt3sas: Fix sparse warnings (bsc#1117108).\n\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and\n other internal commands during controller reset\n (bsc#1117108).\n\n - scsi: mpt3sas: Fixed memory leaks in driver\n (bsc#1117108).\n\n - scsi: mpt3sas: For NVME device, issue a protocol level\n reset (bsc#1117108).\n\n - scsi: mpt3sas: Handle NVMe PCIe device related events\n generated from firmware (bsc#1117108).\n\n - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).\n\n - scsi: mpt3sas: Incorrect command status was set/marked\n as not used (bsc#1117108).\n\n - scsi: mpt3sas: Increase event log buffer to support 24\n port HBA's (bsc#1117108).\n\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer\n address (bsc#1117108).\n\n - scsi: mpt3sas: Introduce Base function for cloning\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi reply\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce function to clone mpi request\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid()\n (bsc#1117108).\n\n - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd\n (bsc#1117108).\n\n - scsi: mpt3sas: Lockless access for chain buffers\n (bsc#1117108).\n\n - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl\n command and log info (bsc#1117108).\n\n - scsi: mpt3sas: Optimize I/O memory consumption in driver\n (bsc#1117108).\n\n - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot\n time (bsc#1117108).\n\n - scsi: mpt3sas: Processing of Cable Exception events\n (bsc#1117108).\n\n - scsi: mpt3sas: Reduce memory footprint in kdump kernel\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove KERN_WARNING from panic uses\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove set-but-not-used variables\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove unnecessary parentheses and\n simplify null checks (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused variable requeue_event\n (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n\n - scsi: mpt3sas: Report Firmware Package Version from HBA\n Driver (bsc#1117108).\n\n - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe\n devices (bsc#1117108).\n\n - scsi: mpt3sas: Set NVMe device queue depth as 128\n (bsc#1117108).\n\n - scsi: mpt3sas: Split _base_reset_handler(),\n mpt3sas_scsih_reset_handler() and\n mpt3sas_ctl_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Swap I/O memory read value back to cpu\n endianness (bsc#1117108).\n\n - scsi: mpt3sas: Update MPI Headers (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '25.100.00.00'\n (bsc#1117108).\n\n - scsi: mpt3sas: Update driver version '26.100.00.00'\n (bsc#1117108).\n\n - scsi: mpt3sas: Update mpt3sas driver version\n (bsc#1117108).\n\n - scsi: mpt3sas: Updated MPI headers to v2.00.48\n (bsc#1117108).\n\n - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).\n\n - scsi: mpt3sas: always use first reserved smid for ioctl\n passthrough (bsc#1117108).\n\n - scsi: mpt3sas: check command status before attempting\n abort (bsc#1117108).\n\n - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108).\n\n - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event()\n (bsc#1117108).\n\n - scsi: mpt3sas: fix an out of bound write (bsc#1117108).\n\n - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108).\n\n - scsi: mpt3sas: fix format overflow warning\n (bsc#1117108).\n\n - scsi: mpt3sas: fix oops in error handlers after\n shutdown/unload (bsc#1117108).\n\n - scsi: mpt3sas: fix possible memory leak (bsc#1117108).\n\n - scsi: mpt3sas: fix pr_info message continuation\n (bsc#1117108).\n\n - scsi: mpt3sas: fix spelling mistake: 'disbale' ->\n 'disable' (bsc#1117108).\n\n - scsi: mpt3sas: lockless command submission\n (bsc#1117108).\n\n - scsi: mpt3sas: make function _get_st_from_smid static\n (bsc#1117108).\n\n - scsi: mpt3sas: open-code _scsih_scsi_lookup_get()\n (bsc#1117108).\n\n - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant copy_from_user in\n _ctl_getiocinfo (bsc#1117108).\n\n - scsi: mpt3sas: remove redundant wmb (bsc#1117108).\n\n - scsi: mpt3sas: scan and add nvme device after controller\n reset (bsc#1117108).\n\n - scsi: mpt3sas: separate out _base_recovery_check()\n (bsc#1117108).\n\n - scsi: mpt3sas: set default value for cb_idx\n (bsc#1117108).\n\n - scsi: mpt3sas: simplify _wait_for_commands_to_complete()\n (bsc#1117108).\n\n - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm()\n (bsc#1117108).\n\n - scsi: mpt3sas: simplify task management functions\n (bsc#1117108).\n\n - scsi: mpt3sas: switch to generic DMA API (bsc#1117108).\n\n - scsi: mpt3sas: switch to pci_alloc_irq_vectors\n (bsc#1117108).\n\n - scsi: mpt3sas: use list_splice_init() (bsc#1117108).\n\n - scsi: mpt3sas: wait for and flush running commands on\n shutdown/unload (bsc#1117108).\n\n - scsi: qla2xxx: Fix deadlock between ATIO and HW lock\n (bsc#1125794).\n\n - scsi: target: make the pi_prot_format ConfigFS path\n readable (bsc#1123933).\n\n - sd: disable logical block provisioning if 'lbpme' is not\n set (bsc#1086095 bsc#1078355).\n\n - seq_buf: Make seq_buf_puts() null-terminate the buffer\n (bnc#1012382).\n\n - serial: fsl_lpuart: clear parity enable bit when disable\n parity (bnc#1012382).\n\n - signal: Always notice exiting tasks (bnc#1012382).\n\n - signal: Better detection of synchronous signals\n (bnc#1012382).\n\n - signal: Restore the stop PTRACE_EVENT_EXIT\n (bnc#1012382).\n\n - skge: potential memory corruption in skge_get_regs()\n (bnc#1012382).\n\n - smack: fix access permissions for keyring (bnc#1012382).\n\n - smsc95xx: Use skb_cow_head to deal with cloned skbs\n (bnc#1012382).\n\n - soc/tegra: Do not leak device tree node reference\n (bnc#1012382).\n\n - staging: iio: ad7780: update voltage on read\n (bnc#1012382).\n\n - staging: iio: adc: ad7280a: handle error from\n __ad7280_read32() (bnc#1012382).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121\n rev B1 (bnc#1012382).\n\n - staging:iio:ad2s90: Make probe handle spi_setup failure\n (bnc#1012382).\n\n - sunvdc: Do not spin in an infinite loop when\n vio_ldc_send() returns EAGAIN (bnc#1012382).\n\n - test_hexdump: use memcpy instead of strncpy\n (bnc#1012382).\n\n - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON\n is not set (bnc#1012382).\n\n - timekeeping: Use proper seqcount initializer\n (bnc#1012382).\n\n - tipc: use destination length for copy string\n (bnc#1012382).\n\n - tracing/uprobes: Fix output for multiple string\n arguments (bnc#1012382).\n\n - tty/ldsem: Add lockdep asserts for ldisc_sem\n (bnc#1105428).\n\n - tty/ldsem: Convert to regular lockdep annotations\n (bnc#1105428).\n\n - tty/ldsem: Decrement wait_readers on timeouted\n down_read() (bnc#1105428).\n\n - tty/n_hdlc: fix __might_sleep warning (bnc#1012382).\n\n - tty: Do not block on IO when ldisc change is pending\n (bnc#1105428).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc\n present (bnc#1105428).\n\n - tty: Handle problem if line discipline does not have\n receive_buf (bnc#1012382).\n\n - tty: Hold tty_ldisc_lock() during tty_reopen()\n (bnc#1105428).\n\n - tty: Simplify tty->count math in tty_reopen()\n (bnc#1105428).\n\n - tty: fix data race between tty_init_dev and flush of buf\n (bnc#1105428).\n\n - tty: serial: samsung: Properly set flags in autoCTS mode\n (bnc#1012382).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define\n (bnc#1012382).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr\n (bnc#1012382).\n\n - ucc_geth: Reset BQL queue when stopping device\n (bnc#1012382).\n\n - udf: Fix BUG on corrupted inode (bnc#1012382).\n\n - um: Avoid marking pages with 'changed protection'\n (bnc#1012382).\n\n - usb: dwc2: Remove unnecessary kfree (bnc#1012382).\n\n - usb: gadget: udc: net2272: Fix bitwise and boolean\n operations (bnc#1012382).\n\n - usb: hub: delay hub autosuspend if USB3 port is still\n link training (bnc#1012382).\n\n - usb: phy: am335x: fix race condition in _probe\n (bnc#1012382).\n\n - usb: serial: pl2303: add new PID to support PL2303TB\n (bnc#1012382).\n\n - usb: serial: simple: add Motorola Tetra TPG2200 device\n id (bnc#1012382).\n\n - video: clps711x-fb: release disp device node in probe()\n (bnc#1012382).\n\n - vt: invoke notifier on screen size change (bnc#1012382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal\n error in mce_no_way_out() (bnc#1012382).\n\n - x86/PCI: Fix Broadcom CNB20LE unintended sign extension\n (redux) (bnc#1012382).\n\n - x86/a.out: Clear the dump structure initially\n (bnc#1012382).\n\n - x86/fpu: Add might_fault() to user_insn() (bnc#1012382).\n\n - x86/kaslr: Fix incorrect i8254 outb() parameters\n (bnc#1012382).\n\n - x86/platform/UV: Use efi_runtime_lock to serialise BIOS\n calls (bnc#1012382).\n\n - x86/xen: dont add memory above max allowed allocation\n (bsc#1117645).\n\n - x86: respect memory size limiting via mem= parameter\n (bsc#1117645).\n\n - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi\n (bnc#1012382).\n\n - xfrm: refine validation of template and selector\n families (bnc#1012382).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=802154\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7221\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.175-89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.175-89.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:31:47", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1473 advisory.\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:1473)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17666"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.3", "cpe:/o:redhat:rhel_e4s:7.3", "cpe:/o:redhat:rhel_tus:7.3", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-1473.NASL", "href": "https://www.tenable.com/plugins/nessus/135461", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1473. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135461);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-17666\");\n script_xref(name:\"RHSA\", value:\"2020:1473\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:1473)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1473 advisory.\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-17666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1473');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/os',\n 'content/tus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-514.74.1.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.74.1.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:44:31", "description": "The 5.3.7 update contains a number of important fixes across the tree.\nThe update also includes a fix for the [CVE-2019-17666](https://access.redhat.com/security/cve/CVE-2019-17666 ) security vulnerability regarding a buffer overflow in a Realtek wireless driver.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-25T00:00:00", "type": "nessus", "title": "Fedora 31 : kernel / kernel-tools (2019-6a67ff8793)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17666"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-6A67FF8793.NASL", "href": "https://www.tenable.com/plugins/nessus/130237", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6a67ff8793.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130237);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2019-17666\");\n script_xref(name:\"FEDORA\", value:\"2019-6a67ff8793\");\n\n script_name(english:\"Fedora 31 : kernel / kernel-tools (2019-6a67ff8793)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.3.7 update contains a number of important fixes across the tree.\nThe update also includes a fix for the\n[CVE-2019-17666](https://access.redhat.com/security/cve/CVE-2019-17666\n) security vulnerability regarding a buffer overflow in a Realtek\nwireless driver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/CVE-2019-17666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a67ff8793\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-17666\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-6a67ff8793\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"kernel-5.3.7-301.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"kernel-tools-5.3.7-300.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-tools\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:23:53", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth stack were fixed. (bnc#1120758).\n\n - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed. (bnc#1124732).\n\n - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests.\n (bnc#1124735).\n\n - CVE-2019-6974: A use-after-free in the KVM device control API was fixed. (bnc#1124728).\n\n - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).\n\n - 9p: clear dangling pointers in p9stat_free (bsc#1051510).\n\n - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510).\n\n - 9p/net: put a lower bound on msize (bsc#1051510).\n\n - acpi/nfit: Block function zero DSMs (bsc#1051510).\n\n - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).\n\n - acpi/nfit: Fix command-supported detection (bsc#1051510).\n\n - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662).\n\n - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969).\n\n - ACPI: power: Skip duplicate power resource references in\n _PRx (bsc#1051510).\n\n - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092).\n\n - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510).\n\n - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510).\n\n - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510).\n\n - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510).\n\n - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510).\n\n - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).\n\n - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510).\n\n - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510).\n\n - alsa: hda - Serialize codec registrations (bsc#1122944).\n\n - alsa: hda - Use standard device registration for beep (bsc#1122944).\n\n - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510).\n\n - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510).\n\n - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510).\n\n - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927).\n\n - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510).\n\n - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510).\n\n - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510).\n\n - arm/arm64: kvm:vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510).\n\n - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510).\n\n - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510).\n\n - arm: kvm:Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510).\n\n - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510).\n\n - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510).\n\n - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510).\n\n - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).\n\n - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510).\n\n - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04).\n\n - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252).\n\n - blkdev: avoid migration stalls for blkdev pages (bsc#1084216).\n\n - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510).\n\n - block: break discard submissions into the user defined size (git-fixes).\n\n - block: cleanup __blkdev_issue_discard() (git-fixes).\n\n - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes).\n\n - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes).\n\n - block: fix infinite loop if the device loses discard capability (git-fixes).\n\n - block: make sure discard bio is aligned with logical block size (git-fixes).\n\n - block: make sure writesame bio is aligned with logical block size (git-fixes).\n\n - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes).\n\n - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323).\n\n - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323).\n\n - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323).\n\n - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323).\n\n - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323).\n\n - bonding: update nest level on unlink (git-fixes).\n\n - bsg: allocate sense buffer if requested (bsc#1106811).\n\n - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324).\n\n - can: bcm: check timer values before ktime conversion (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510).\n\n - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510).\n\n - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510).\n\n - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510).\n\n - checkstack.pl: fix for aarch64 (bsc#1051510).\n\n - cifs: add missing debug entries for kconfig options (bsc#1051510).\n\n - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510).\n\n - cifs: add sha512 secmech (bsc#1051510).\n\n - cifs: Add support for reading attributes on SMB2+ (bsc#1051510).\n\n - cifs: Add support for writing attributes on SMB2+ (bsc#1051510).\n\n - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510).\n\n - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510).\n\n - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510).\n\n - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).\n\n - cifs: fix return value for cifs_listxattr (bsc#1051510).\n\n - cifs: Fix separator when building path from dentry (bsc#1051510).\n\n - cifs: fix set info (bsc#1051510).\n\n - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510).\n\n - cifs: fix wrapping bugs in num_entries() (bsc#1051510).\n\n - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: implement v3.11 preauth integrity (bsc#1051510).\n\n - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510).\n\n - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510).\n\n - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n\n - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n\n - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510).\n\n - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510).\n\n - cifs: Use ULL suffix for 64-bit constant (bsc#1051510).\n\n - clk: imx6q: reset exclusive gates on init (bsc#1051510).\n\n - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510).\n\n - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510).\n\n - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).\n\n - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510).\n\n - Cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510).\n\n - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510).\n\n - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510).\n\n - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510).\n\n - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510).\n\n - crypto: user - support incremental algorithm dumps (bsc#1120902).\n\n - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510).\n\n - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510).\n\n - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510).\n\n - dlm: possible memory leak on error path in create_lkb() (bsc#1051510).\n\n - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510).\n\n - dmaengine: at_hdmac: fix module unloading (bsc#1051510).\n\n - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510).\n\n - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510).\n\n - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510).\n\n - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes).\n\n - dm: call blk_queue_split() to impose device limits on bios (git-fixes).\n\n - dm: do not allow readahead to limit IO size (git-fixes).\n\n - dm thin: send event about thin-pool state change _after_ making it (git-fixes).\n\n - dm zoned: Fix target BIO completion handling (git-fixes).\n\n - Do not log expected error on DFS referral request (bsc#1051510).\n\n - driver core: Move async_synchronize_full call (bsc#1051510).\n\n - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510).\n\n - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510).\n\n - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - drivers/sbus/char: add of_node_put() (bsc#1051510).\n\n - drivers/tty: add missing of_node_put() (bsc#1051510).\n\n - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)\n\n - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722)\n\n - drm/i915/gvt: Fix mmap range check (bsc#1120902)\n\n - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1120902)\n\n - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902)\n\n - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510).\n\n - exportfs: do not read dentry after free (bsc#1051510).\n\n - ext4: Fix crash during online resizing (bsc#1122779).\n\n - fanotify: fix handling of events on child sub-directory (bsc#1122019).\n\n - fat: validate ->i_start before using (bsc#1051510).\n\n - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510).\n\n - fork: do not copy inconsistent signal handler state to child (bsc#1051510).\n\n - fork: record start_time late (git-fixes).\n\n - fork: unconditionally clear stack on fork (git-fixes).\n\n - fs/cifs: require sha512 (bsc#1051510).\n\n - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510).\n\n - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510).\n\n - gpio: pl061: handle failed allocations (bsc#1051510).\n\n - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510).\n\n - gpio: vf610: Mask all GPIO interrupts (bsc#1051510).\n\n - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04).\n\n - hfs: do not free node before using (bsc#1051510).\n\n - hfsplus: do not free node before using (bsc#1051510).\n\n - hfsplus: prevent btree data loss on root split (bsc#1051510).\n\n - hfs: prevent btree data loss on root split (bsc#1051510).\n\n - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510).\n\n - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662).\n\n - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662).\n\n - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662).\n\n - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).\n\n - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04).\n\n - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).\n\n - ibmvnic: Increase maximum queue size limit (bsc#1121726).\n\n - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).\n\n - ide: pmac: add of_node_put() (bsc#1051510).\n\n - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04).\n\n - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510).\n\n - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510).\n\n - input: raspberrypi-ts - fix link error (git-fixes).\n\n - input: restore EV_ABS ABS_RESERVED (bsc#1051510).\n\n - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510).\n\n - input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510).\n\n - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666).\n\n - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).\n\n - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).\n\n - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).\n\n - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).\n\n - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).\n\n - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510).\n\n - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes).\n\n - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12).\n\n - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12).\n\n - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04).\n\n - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12).\n\n - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04).\n\n - ip: validate header length on virtual device xmit (networking-stable-19_01_04).\n\n - iscsi target: fix session creation failure handling (bsc#1051510).\n\n - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510).\n\n - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n\n - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n\n - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).\n\n - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510).\n\n - kABI: fix xhci kABI stability (bsc#1119086).\n\n - kABI: protect struct sctp_association (kabi).\n\n - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944).\n\n - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944).\n\n - kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n\n - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes).\n\n - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155).\n\n - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589).\n\n - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279).\n\n - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).\n\n - lan78xx: Resolve issue with changing MAC address (bsc#1051510).\n\n - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n\n - lib/rbtree-test: lower default params (git-fixes).\n\n - lockd: fix access beyond unterminated strings in prints (git-fixes).\n\n - LSM: Check for NULL cred-security on free (bsc#1051510).\n\n - md: fix raid10 hang issue caused by barrier (git-fixes).\n\n - media: firewire: Fix app_info parameter type in avc_ca(,_app)_info (bsc#1051510).\n\n - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610).\n\n - media: v4l2-tpg: array index could become negative (bsc#1051510).\n\n - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510).\n\n - media: vb2: be sure to unlock mutex on errors (bsc#1051510).\n\n - media: vb2: vb2_mmap: move lock up (bsc#1051510).\n\n - media: vivid: fix error handling of kthread_run (bsc#1051510).\n\n - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510).\n\n - media: vivid: set min width/height to a value > 0 (bsc#1051510).\n\n - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510).\n\n - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510).\n\n - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510).\n\n - misc: hmc6352: fix potential Spectre v1 (bsc#1051510).\n\n - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510).\n\n - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510).\n\n - misc: sram: enable clock before registering regions (bsc#1051510).\n\n - misc: sram: fix resource leaks in probe error path (bsc#1051510).\n\n - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510).\n\n - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510).\n\n - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510).\n\n - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).\n\n - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).\n\n - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).\n\n - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216).\n\n - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216)\n\n - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216).\n\n - mm: migration: factor out code to compute expected number of page references (bsc#1084216).\n\n - Move the upstreamed HD-audio fix into sorted section\n\n - mpt3sas: check sense buffer before copying sense data (bsc#1106811).\n\n - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12).\n\n - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12).\n\n - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04).\n\n - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353).\n\n - net: hns3: add handling for big TX fragment (bsc#1104353 ).\n\n - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353).\n\n - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ).\n\n - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ).\n\n - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ).\n\n - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ).\n\n - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ).\n\n - net: hns3: remove hns3_fill_desc_tso (bsc#1104353).\n\n - net: hns3: rename hns_nic_dma_unmap (bsc#1104353).\n\n - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353).\n\n - net: macb: restart tx after tx used bit read (networking-stable-19_01_04).\n\n - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12).\n\n - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04).\n\n - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04).\n\n - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12).\n\n - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04).\n\n - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04).\n\n - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03).\n\n - net/smc: fix TCP fallback socket release (networking-stable-19_01_04).\n\n - net: stmmac: Fix PCI module removal leak (git-fixes).\n\n - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03).\n\n - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03).\n\n - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04).\n\n - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes).\n\n - nfsd: Fix an Oops in free_session() (git-fixes).\n\n - nfs: Fix a missed page unlock after pg_doio() (git-fixes).\n\n - NFS: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes).\n\n - NFSv4.1: Fix the r/wsize checking (git-fixes).\n\n - NFSv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes).\n\n - nvme-multipath: round-robin I/O policy (bsc#1110705).\n\n - omap2fb: Fix stack memory disclosure (bsc#1120902)\n\n - packet: Do not leak dev refcounts on error exit (git-fixes).\n\n - packet: validate address length if non-zero (networking-stable-19_01_04).\n\n - packet: validate address length (networking-stable-19_01_04).\n\n - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).\n\n - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510).\n\n - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510).\n\n - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338).\n\n - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).\n\n - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).\n\n - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).\n\n - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121).\n\n - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121).\n\n - powerpc: Remove facility loadups on transactional (fp, vec, vsx) unavailable (bsc#1118338).\n\n - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338).\n\n - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n\n - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n\n - powerpc/smp: Add Power9 scheduler topology (bsc#1109695).\n\n - powerpc/smp: Rework CPU topology construction (bsc#1109695).\n\n - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).\n\n - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338).\n\n - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338).\n\n - powerpc/tm: Fix comment (bsc#1118338).\n\n - powerpc/tm: Fix endianness flip on trap (bsc#1118338).\n\n - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338).\n\n - powerpc/tm: Fix HTM documentation (bsc#1118338).\n\n - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338).\n\n - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338).\n\n - powerpc/tm: Print 64-bits MSR (bsc#1118338).\n\n - powerpc/tm: Print scratch value (bsc#1118338).\n\n - powerpc/tm: Reformat comments (bsc#1118338).\n\n - powerpc/tm: Remove msr_tm_active() (bsc#1118338).\n\n - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338).\n\n - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).\n\n - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955).\n\n - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338).\n\n - powerpc/tm: Update function prototype comment (bsc#1118338).\n\n - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).\n\n - powerpc/xmon: Fix invocation inside lock region (bsc#1122885).\n\n - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510).\n\n - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510).\n\n - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510).\n\n - pstore/ram: Do not treat empty buffers as valid (bsc#1051510).\n\n - ptp_kvm: probe for kvm guest availability (bsc#1098382).\n\n - ptr_ring: wrap back ->producer in\n __ptr_ring_swap_queue() (networking-stable-19_01_04).\n\n - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870).\n\n - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04).\n\n - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04).\n\n - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04).\n\n - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03).\n\n - RDMA/core: Fix unwinding flow in case of error to register device (bsc#1046306).\n\n - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510).\n\n - rpm/release-projects: Add SUSE:Maintenance:* for MU kernels (bsc#1123317)\n\n - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12).\n\n - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061).\n\n - sbus: char: add of_node_put() (bsc#1051510).\n\n - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes\n\n - scripts/git_sort/git_sort.py: Add s390/linux.git fixes.\n\n - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712).\n\n - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985).\n\n - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).\n\n - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04).\n\n - sctp: kfree_rcu asoc (networking-stable-18_12_12).\n\n - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579).\n\n - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510).\n\n - selinux: fix GPF on invalid policy (bsc#1051510).\n\n - serial: imx: fix error handling in console_setup (bsc#1051510).\n\n - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510).\n\n - serial/sunsu: fix refcount leak (bsc#1051510).\n\n - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510).\n\n - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n\n - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).\n\n - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes).\n\n - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)).\n\n - smb3.1.1 dialect is no longer experimental (bsc#1051510).\n\n - smb311: Fix reconnect (bsc#1051510).\n\n - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510).\n\n - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510).\n\n - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510).\n\n - smb3: check for and properly advertise directory lease support (bsc#1051510).\n\n - smb3: directory sync should not return an error (bsc#1051510).\n\n - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510).\n\n - smb3: do not request leases in symlink creation and query (bsc#1051510).\n\n - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510).\n\n - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510).\n\n - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510).\n\n - smb3: Fix root directory when server returns inode number of zero (bsc#1051510).\n\n - smb3: fix various xid leaks (bsc#1051510).\n\n - smb3: Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510).\n\n - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510).\n\n - smb3: Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510).\n\n - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510).\n\n - sunrpc: correct the computation for page_ptr when truncating (git-fixes).\n\n - sunrpc: Fix a potential race in xprt_connect() (git-fixes).\n\n - sunrpc: Fix leak of krb5p encode pages (git-fixes).\n\n - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).\n\n - sunrpc: safely reallow resvport min/max inversion (git-fixes).\n\n - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12).\n\n - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04).\n\n - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12).\n\n - tcp: lack of available data can also cause TSO defer (git-fixes).\n\n - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510).\n\n - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04).\n\n - tipc: fix a double kfree_skb() (networking-stable-19_01_04).\n\n - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04).\n\n - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).\n\n - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510).\n\n - tty/n_hdlc: fix __might_sleep warning (bsc#1051510).\n\n - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510).\n\n - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12).\n\n - uart: Fix crash in uart_write and uart_put_char (bsc#1051510).\n\n - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902).\n\n - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902).\n\n - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902).\n\n - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902).\n\n - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03).\n\n - usb: serial: option: add Fibocom NL678 series (bsc#1120902).\n\n - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902).\n\n - usb: storage: add quirk for SMI SM3350 (bsc#1120902).\n\n - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902).\n\n - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086).\n\n - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n\n - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04).\n\n - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03).\n\n - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12).\n\n - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04).\n\n - vt: invoke notifier on screen size change (bsc#1051510).\n\n - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n\n - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).\n\n - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).\n\n - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279).\n\n - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279).\n\n - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279).\n\n - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279).\n\n - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279).\n\n - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382).\n\n - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279).\n\n - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279).\n\n - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279).\n\n - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382).\n\n - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382).\n\n - x86/xen/time: setup vcpu 0 time info page (bsc#1098382).\n\n - xen: Fix x86 sched_clock() interface for xen (bsc#1098382).\n\n - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854).\n\n - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086).\n\n - xprtrdma: Reset credit grant properly after a disconnect (git-fixes).", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-203)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20669", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-203.NASL", "href": "https://www.tenable.com/plugins/nessus/122303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-203.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122303);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-203)\");\n script_summary(english:\"Check for the openSUSE-2019-203 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-3459,CVE-2019-3460: Two information leaks in\n the bluetooth stack were fixed. (bnc#1120758).\n\n - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer\n was fixed. (bnc#1124732).\n\n - CVE-2019-7222: A information leak in exception handling\n in KVM could be used to expose host memory to guests.\n (bnc#1124735).\n\n - CVE-2019-6974: A use-after-free in the KVM device\n control API was fixed. (bnc#1124728).\n\n - CVE-2018-20669: Missing access control checks in ioctl\n of gpu/drm/i915 driver were fixed which might have lead\n to information leaks. (bnc#1122971).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix\n panic (bsc#1051510).\n\n - 9p: clear dangling pointers in p9stat_free\n (bsc#1051510).\n\n - 9p locks: fix glock.client_id leak in do_lock\n (bsc#1051510).\n\n - 9p/net: put a lower bound on msize (bsc#1051510).\n\n - acpi/nfit: Block function zero DSMs (bsc#1051510).\n\n - acpi, nfit: Fix Address Range Scrub completion tracking\n (bsc#1124969).\n\n - acpi/nfit: Fix command-supported detection\n (bsc#1051510).\n\n - acpi/nfit: Fix race accessing memdev in\n nfit_get_smbios_id() (bsc#1122662).\n\n - acpi/nfit: Fix user-initiated ARS to be 'ARS-long'\n rather than 'ARS-short' (bsc#1124969).\n\n - ACPI: power: Skip duplicate power resource references in\n _PRx (bsc#1051510).\n\n - Add delay-init quirk for Corsair K70 RGB keyboards\n (bsc#1087092).\n\n - af_iucv: Move sockaddr length checks to before accessing\n sa_family in bind and connect handlers (bsc#1051510).\n\n - alsa: bebob: fix model-id of unit for Apogee Ensemble\n (bsc#1051510).\n\n - alsa: compress: Fix stop handling on compressed capture\n streams (bsc#1051510).\n\n - alsa: hda - Add mute LED support for HP ProBook 470 G5\n (bsc#1051510).\n\n - alsa: hda/ca0132 - Fix build error without CONFIG_PCI\n (bsc#1051510).\n\n - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).\n\n - alsa: hda/realtek - Fix lose hp_pins for disable auto\n mute (bsc#1051510).\n\n - alsa: hda/realtek - Use a common helper for hp pin\n reference (bsc#1051510).\n\n - alsa: hda - Serialize codec registrations (bsc#1122944).\n\n - alsa: hda - Use standard device registration for beep\n (bsc#1122944).\n\n - alsa: oxfw: add support for APOGEE duet FireWire\n (bsc#1051510).\n\n - alsa: usb-audio: Add Opus #3 to quirks for native DSD\n support (bsc#1051510).\n\n - alsa: usb-audio: Add support for new T+A USB DAC\n (bsc#1051510).\n\n - amd-xgbe: Fix mdio access for non-zero ports and clause\n 45 PHYs (bsc#1122927).\n\n - arm: 8802/1: Call syscall_trace_exit even when system\n call skipped (bsc#1051510).\n\n - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range()\n unaligned address handling (bsc#1051510).\n\n - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7\n counterpart (bsc#1051510).\n\n - arm/arm64: kvm:vgic: Force VM halt when changing the\n active state of GICv3 PPIs/SGIs (bsc#1051510).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers\n after alignment (bsc#1051510).\n\n - arm: cns3xxx: Use actual size reads for PCIe\n (bsc#1051510).\n\n - arm: imx: update the cpu power up timing setting on\n i.mx6sx (bsc#1051510).\n\n - arm: kvm:Fix VTTBR_BADDR_MASK BUG_ON off-by-one\n (bsc#1051510).\n\n - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt\n (bsc#1051510).\n\n - arm: OMAP1: ams-delta: Fix possible use of uninitialized\n field (bsc#1051510).\n\n - arm: OMAP2+: prm44xx: Fix section annotation on\n omap44xx_prm_enable_io_wakeup (bsc#1051510).\n\n - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).\n\n - ASoC: rt5514-spi: Fix potential NULL pointer dereference\n (bsc#1051510).\n\n - ax25: fix a use-after-free in ax25_fillin_cb()\n (networking-stable-19_01_04).\n\n - be2net: do not flip hw_features when VXLANs are\n added/deleted (bsc#1050252).\n\n - blkdev: avoid migration stalls for blkdev pages\n (bsc#1084216).\n\n - blk-mq: fix kernel oops in blk_mq_tag_idle()\n (bsc#1051510).\n\n - block: break discard submissions into the user defined\n size (git-fixes).\n\n - block: cleanup __blkdev_issue_discard() (git-fixes).\n\n - block: do not deal with discard limit in\n blkdev_issue_discard() (git-fixes).\n\n - block: fix 32 bit overflow in __blkdev_issue_discard()\n (git-fixes).\n\n - block: fix infinite loop if the device loses discard\n capability (git-fixes).\n\n - block: make sure discard bio is aligned with logical\n block size (git-fixes).\n\n - block: make sure writesame bio is aligned with logical\n block size (git-fixes).\n\n - block/swim3: Fix -EBUSY error when re-opening device\n after unmount (git-fixes).\n\n - bnx2x: Assign unique DMAE channel number for FW DMAE\n transactions (bsc#1086323).\n\n - bnx2x: Clear fip MAC when fcoe offload support is\n disabled (bsc#1086323).\n\n - bnx2x: Fix NULL pointer dereference in\n bnx2x_del_all_vlans() on some hw (bsc#1086323).\n\n - bnx2x: Remove configured vlans as part of unload\n sequence (bsc#1086323).\n\n - bnx2x: Send update-svid ramrod with retry/poll flags\n enabled (bsc#1086323).\n\n - bonding: update nest level on unlink (git-fixes).\n\n - bsg: allocate sense buffer if requested (bsc#1106811).\n\n - btrfs: qgroup: Fix root item corruption when multiple\n same source snapshots are created with quota enabled\n (bsc#1122324).\n\n - can: bcm: check timer values before ktime conversion\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for\n non-existing skb by removing it (bsc#1051510).\n\n - can: gw: ensure DLC boundaries after CAN frame\n modification (bsc#1051510).\n\n - cdc-acm: fix abnormal DATA RX issue for Mediatek\n Preloader (bsc#1051510).\n\n - char/mwave: fix potential Spectre v1 vulnerability\n (bsc#1051510).\n\n - checkstack.pl: fix for aarch64 (bsc#1051510).\n\n - cifs: add missing debug entries for kconfig options\n (bsc#1051510).\n\n - cifs: add missing support for ACLs in SMB 3.11\n (bsc#1051510).\n\n - cifs: add sha512 secmech (bsc#1051510).\n\n - cifs: Add support for reading attributes on SMB2+\n (bsc#1051510).\n\n - cifs: Add support for writing attributes on SMB2+\n (bsc#1051510).\n\n - cifs: do not log STATUS_NOT_FOUND errors for DFS\n (bsc#1051510).\n\n - cifs: Do not modify mid entry after submitting I/O in\n cifs_call_async (bsc#1051510).\n\n - cifs: Fix error mapping for SMB2_LOCK command which\n caused OFD lock problem (bsc#1051510).\n\n - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).\n\n - cifs: fix return value for cifs_listxattr (bsc#1051510).\n\n - cifs: Fix separator when building path from dentry\n (bsc#1051510).\n\n - cifs: fix set info (bsc#1051510).\n\n - cifs: fix sha512 check in cifs_crypto_secmech_release\n (bsc#1051510).\n\n - cifs: fix wrapping bugs in num_entries() (bsc#1051510).\n\n - cifs: For SMB2 security informaion query, check for\n minimum sized security descriptor instead of sizeof\n FileAllInformation class (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: implement v3.11 preauth integrity (bsc#1051510).\n\n - cifs: make 'nodfs' mount opt a superblock flag\n (bsc#1051510).\n\n - cifs: prevent integer overflow in nxt_dir_entry()\n (bsc#1051510).\n\n - cifs: prototype declaration and definition for smb 2 - 3\n and cifsacl mount options (bsc#1051510).\n\n - cifs: prototype declaration and definition to set acl\n for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n\n - cifs: refactor crypto shash/sdesc allocation&free\n (bsc#1051510).\n\n - cifs: smb2ops: Fix listxattr() when there are no EAs\n (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options getacl\n functions (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options setacl\n function (bsc#1051510).\n\n - cifs: Use ULL suffix for 64-bit constant (bsc#1051510).\n\n - clk: imx6q: reset exclusive gates on init (bsc#1051510).\n\n - clk: rockchip: fix typo in rk3188 spdif_frac parent\n (bsc#1051510).\n\n - clk: sunxi-ng: enable so-said LDOs for A64 SoC's\n pll-mipi clock (bsc#1051510).\n\n - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).\n\n - cpufreq: imx6q: add return value check for voltage scale\n (bsc#1051510).\n\n - Cramfs: fix abad comparison when wrap-arounds occur\n (bsc#1051510).\n\n - crypto: authencesn - Avoid twice completion call in\n decrypt path (bsc#1051510).\n\n - crypto: authenc - fix parsing key with misaligned\n rta_len (bsc#1051510).\n\n - crypto: bcm - convert to use\n crypto_authenc_extractkeys() (bsc#1051510).\n\n - crypto: caam - fix zero-length buffer DMA mapping\n (bsc#1051510).\n\n - crypto: user - support incremental algorithm dumps\n (bsc#1120902).\n\n - dlm: fixed memory leaks after failed ls_remove_names\n allocation (bsc#1051510).\n\n - dlm: lost put_lkb on error path in receive_convert() and\n receive_unlock() (bsc#1051510).\n\n - dlm: memory leaks on error path in dlm_user_request()\n (bsc#1051510).\n\n - dlm: possible memory leak on error path in create_lkb()\n (bsc#1051510).\n\n - dmaengine: at_hdmac: fix memory leak in at_dma_xlate()\n (bsc#1051510).\n\n - dmaengine: at_hdmac: fix module unloading (bsc#1051510).\n\n - dmaengine: dma-jz4780: Return error if not probed from\n DT (bsc#1051510).\n\n - dmaengine: dw: Fix FIFO size for Intel Merrifield\n (bsc#1051510).\n\n - dmaengine: xilinx_dma: Remove __aligned attribute on\n zynqmp_dma_desc_ll (bsc#1051510).\n\n - dm cache metadata: verify cache has blocks in\n blocks_are_clean_separate_dirty() (git-fixes).\n\n - dm: call blk_queue_split() to impose device limits on\n bios (git-fixes).\n\n - dm: do not allow readahead to limit IO size (git-fixes).\n\n - dm thin: send event about thin-pool state change _after_\n making it (git-fixes).\n\n - dm zoned: Fix target BIO completion handling\n (git-fixes).\n\n - Do not log expected error on DFS referral request\n (bsc#1051510).\n\n - driver core: Move async_synchronize_full call\n (bsc#1051510).\n\n - drivers: core: Remove glue dirs from sysfs earlier\n (bsc#1051510).\n\n - drivers/misc/sgi-gru: fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo\n (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - drivers/sbus/char: add of_node_put() (bsc#1051510).\n\n - drivers/tty: add missing of_node_put() (bsc#1051510).\n\n - drm/fb-helper: Ignore the value of\n fb_var_screeninfo.pixclock (bsc#1113722)\n\n - drm/fb-helper: Partially bring back workaround for bugs\n of SDL 1.2 (bsc#1113722)\n\n - drm/i915/gvt: Fix mmap range check (bsc#1120902)\n\n - drm/nouveau/tmr: detect stalled gpu timer and break out\n of waits (bsc#1123538).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1120902)\n\n - drm/vmwgfx: Return error code from\n vmw_execbuf_copy_fence_user (bsc#1120902)\n\n - e1000e: allow non-monotonic SYSTIM readings\n (bsc#1051510).\n\n - exportfs: do not read dentry after free (bsc#1051510).\n\n - ext4: Fix crash during online resizing (bsc#1122779).\n\n - fanotify: fix handling of events on child sub-directory\n (bsc#1122019).\n\n - fat: validate ->i_start before using (bsc#1051510).\n\n - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y\n (bsc#1051510).\n\n - fork: do not copy inconsistent signal handler state to\n child (bsc#1051510).\n\n - fork: record start_time late (git-fixes).\n\n - fork: unconditionally clear stack on fork (git-fixes).\n\n - fs/cifs: require sha512 (bsc#1051510).\n\n - gpio: altera-a10sr: Set proper output level for\n direction_output (bsc#1051510).\n\n - gpio: pcf857x: Fix interrupts on multiple instances\n (bsc#1051510).\n\n - gpio: pl061: handle failed allocations (bsc#1051510).\n\n - gpio: pl061: Move irq_chip definition inside struct\n pl061 (bsc#1051510).\n\n - gpio: vf610: Mask all GPIO interrupts (bsc#1051510).\n\n - gro_cell: add napi_disable in gro_cells_destroy\n (networking-stable-19_01_04).\n\n - hfs: do not free node before using (bsc#1051510).\n\n - hfsplus: do not free node before using (bsc#1051510).\n\n - hfsplus: prevent btree data loss on root split\n (bsc#1051510).\n\n - hfs: prevent btree data loss on root split\n (bsc#1051510).\n\n - i2c: dev: prevent adapter retries and timeout being set\n as minus value (bsc#1051510).\n\n - i40e: fix mac filter delete when setting mac address\n (bsc#1056658 bsc#1056662).\n\n - i40e: report correct statistics when XDP is enabled\n (bsc#1056658 bsc#1056662).\n\n - i40e: restore NETIF_F_GSO_IPXIP to netdev features\n (bsc#1056658 bsc#1056662).\n\n - ibmveth: Do not process frames after calling\n napi_reschedule (bcs#1123357).\n\n - ibmveth: fix DMA unmap error in ibmveth_xmit_start error\n path (networking-stable-19_01_04).\n\n - ibmvnic: Add ethtool private flag for driver-defined\n queue limits (bsc#1121726).\n\n - ibmvnic: Increase maximum queue size limit\n (bsc#1121726).\n\n - ibmvnic: Introduce driver limits for ring sizes\n (bsc#1121726).\n\n - ide: pmac: add of_node_put() (bsc#1051510).\n\n - ieee802154: lowpan_header_create check must check daddr\n (networking-stable-19_01_04).\n\n - input: elan_i2c - add ACPI ID for touchpad in ASUS\n Aspire F5-573G (bsc#1051510).\n\n - input: omap-keypad - fix idle configuration to not block\n SoC idle states (bsc#1051510).\n\n - input: raspberrypi-ts - fix link error (git-fixes).\n\n - input: restore EV_ABS ABS_RESERVED (bsc#1051510).\n\n - input: synaptics - enable RMI on ThinkPad T560\n (bsc#1051510).\n\n - input: synaptics - enable SMBus for HP EliteBook 840 G4\n (bsc#1051510).\n\n - input: xpad - add support for SteelSeries Stratus Duo\n (bsc#1111666).\n\n - iommu/amd: Call free_iova_fast with pfn in map_sg\n (bsc#1106105).\n\n - iommu/amd: Fix IOMMU page flush when detach device from\n a domain (bsc#1106105).\n\n - iommu/amd: Unmap all mapped pages in error path of\n map_sg (bsc#1106105).\n\n - iommu/vt-d: Fix memory leak in\n intel_iommu_put_resv_regions() (bsc#1106105).\n\n - ip6mr: Fix potential Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).\n\n - ipmi:ssif: Fix handling of multi-part return messages\n (bsc#1051510).\n\n - ip: on queued skb use skb_header_pointer instead of\n pskb_may_pull (git-fixes).\n\n - ipv4: Fix potential Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - ipv4: ipv6: netfilter: Adjust the frag mem limit when\n truesize changes (networking-stable-18_12_12).\n\n - ipv6: Check available headroom in ip6_xmit() even\n without options (networking-stable-18_12_12).\n\n - ipv6: explicitly initialize udp6_addr in\n udp_sock_create6() (networking-stable-19_01_04).\n\n - ipv6: sr: properly initialize flowi6 prior passing to\n ip6_route_output (networking-stable-18_12_12).\n\n - ipv6: tunnels: fix two use-after-free\n (networking-stable-19_01_04).\n\n - ip: validate header length on virtual device xmit\n (networking-stable-19_01_04).\n\n - iscsi target: fix session creation failure handling\n (bsc#1051510).\n\n - isdn: fix kernel-infoleak in capi_unlocked_ioctl\n (bsc#1051510).\n\n - iwlwifi: fix non_shared_ant for 22000 devices\n (bsc#1119086).\n\n - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n\n - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old\n firmwares (bsc#1119086).\n\n - jffs2: Fix use of uninitialized delayed_work, lockdep\n breakage (bsc#1051510).\n\n - kABI: fix xhci kABI stability (bsc#1119086).\n\n - kABI: protect struct sctp_association (kabi).\n\n - kABI workaround for deleted\n snd_hda_register_beep_device() (bsc#1122944).\n\n - kABI workaround for snd_hda_bus.bus_probing addition\n (bsc#1122944).\n\n - kdb: use memmove instead of overlapping memcpy\n (bsc#1120954).\n\n - kernel/exit.c: release ptraced tasks before\n zap_pid_ns_processes (git-fixes).\n\n - kvm: arm/arm64: Properly protect VGIC locks from IRQs\n (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in\n update_affinity (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls\n with SRCU lock (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS save/restore: protect\n kvm_read_guest() calls (bsc#1117155).\n\n - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9\n supports 1T segments (bsc#1124589).\n\n - kvm: sev: Fail KVM_SEV_INIT if already initialized\n (bsc#1114279).\n\n - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).\n\n - lan78xx: Resolve issue with changing MAC address\n (bsc#1051510).\n\n - libertas_tf: prevent underflow in process_cmdrequest()\n (bsc#1119086).\n\n - lib/rbtree-test: lower default params (git-fixes).\n\n - lockd: fix access beyond unterminated strings in prints\n (git-fixes).\n\n - LSM: Check for NULL cred-security on free (bsc#1051510).\n\n - md: fix raid10 hang issue caused by barrier (git-fixes).\n\n - media: firewire: Fix app_info parameter type in\n avc_ca(,_app)_info (bsc#1051510).\n\n - media: usb: pwc: Do not use coherent DMA buffers for ISO\n transfer (bsc#1054610).\n\n - media: v4l2-tpg: array index could become negative\n (bsc#1051510).\n\n - media: v4l: ioctl: Validate num_planes for debug\n messages (bsc#1051510).\n\n - media: vb2: be sure to unlock mutex on errors\n (bsc#1051510).\n\n - media: vb2: vb2_mmap: move lock up (bsc#1051510).\n\n - media: vivid: fix error handling of kthread_run\n (bsc#1051510).\n\n - media: vivid: free bitmap_cap when updating\n std/timings/etc (bsc#1051510).\n\n - media: vivid: set min width/height to a value > 0\n (bsc#1051510).\n\n - mfd: ab8500-core: Return zero in\n get_register_interruptible() (bsc#1051510).\n\n - mfd: tps6586x: Handle interrupts on suspend\n (bsc#1051510).\n\n - misc: atmel-ssc: Fix section annotation on\n atmel_ssc_get_driver_data (bsc#1051510).\n\n - misc: hmc6352: fix potential Spectre v1 (bsc#1051510).\n\n - misc: mic/scif: fix copy-paste error in\n scif_create_remote_lookup (bsc#1051510).\n\n - misc: mic: SCIF Fix scif_get_new_port() error handling\n (bsc#1051510).\n\n - misc: sram: enable clock before registering regions\n (bsc#1051510).\n\n - misc: sram: fix resource leaks in probe error path\n (bsc#1051510).\n\n - misc: ti-st: Fix memory leak in the error path of\n probe() (bsc#1051510).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec()\n (bsc#1051510).\n\n - mmc: atmel-mci: do not assume idle after\n atmci_request_end (bsc#1051510).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error\n (bsc#1051510).\n\n - mmc: dw_mmc-bluefield: : Fix the license information\n (bsc#1051510).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during\n probe (bsc#1051510).\n\n - mm/huge_memory: fix lockdep complaint on 32-bit\n i_size_read() (VM Functionality, bsc#1121599).\n\n - mm/huge_memory: rename freeze_page() to unmap_page() (VM\n Functionality, bsc#1121599).\n\n - mm/huge_memory: splitting set mapping+index before\n unfreeze (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() do not crash on Compound\n (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() remember to clear holes\n (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() stop if punched or\n truncated (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() without freezing\n new_page (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: fix crashes due to misaccounted holes (VM\n Functionality, bsc#1121599).\n\n - mm/khugepaged: minor reorderings in collapse_shmem() (VM\n Functionality, bsc#1121599).\n\n - mm: migrate: lock buffers before\n migrate_page_move_mapping() (bsc#1084216).\n\n - mm: migrate: Make buffer_migrate_page_norefs() actually\n succeed (bsc#1084216)\n\n - mm: migrate: provide buffer_migrate_page_norefs()\n (bsc#1084216).\n\n - mm: migration: factor out code to compute expected\n number of page references (bsc#1084216).\n\n - Move the upstreamed HD-audio fix into sorted section\n\n - mpt3sas: check sense buffer before copying sense data\n (bsc#1106811).\n\n - neighbour: Avoid writing before skb->head in\n neigh_hh_output() (networking-stable-18_12_12).\n\n - net: 8139cp: fix a BUG triggered by changing mtu with\n network traffic (networking-stable-18_12_12).\n\n - net: core: Fix Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - net/hamradio/6pack: use mod_timer() to rearm timers\n (networking-stable-19_01_04).\n\n - net: hns3: add error handler for\n hns3_nic_init_vector_data() (bsc#1104353).\n\n - net: hns3: add handling for big TX fragment (bsc#1104353\n ).\n\n - net: hns3: Fix client initialize state issue when roce\n client initialize failed (bsc#1104353).\n\n - net: hns3: Fix for loopback selftest failed problem\n (bsc#1104353 ).\n\n - net: hns3: fix for multiple unmapping DMA problem\n (bsc#1104353 ).\n\n - net: hns3: Fix tc setup when netdev is first up\n (bsc#1104353 ).\n\n - net: hns3: Fix tqp array traversal condition for vf\n (bsc#1104353 ).\n\n - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353\n ).\n\n - net: hns3: remove hns3_fill_desc_tso (bsc#1104353).\n\n - net: hns3: rename hns_nic_dma_unmap (bsc#1104353).\n\n - net: hns3: rename the interface for init_client_instance\n and uninit_client_instance (bsc#1104353).\n\n - net: macb: restart tx after tx used bit read\n (networking-stable-19_01_04).\n\n - net/mlx4_en: Change min MTU size to ETH_MIN_MTU\n (networking-stable-18_12_12).\n\n - net/mlx5e: Remove the false indication of software\n timestamping support (networking-stable-19_01_04).\n\n - net/mlx5: Typo fix in del_sw_hw_rule\n (networking-stable-19_01_04).\n\n - net: phy: do not allow __set_phy_supported to add\n unsupported modes (networking-stable-18_12_12).\n\n - net: phy: Fix the issue that netif always links up after\n resuming (networking-stable-19_01_04).\n\n - netrom: fix locking in nr_find_socket()\n (networking-stable-19_01_04).\n\n - net: skb_scrub_packet(): Scrub offload_fwd_mark\n (networking-stable-18_12_03).\n\n - net/smc: fix TCP fallback socket release\n (networking-stable-19_01_04).\n\n - net: stmmac: Fix PCI module removal leak (git-fixes).\n\n - net: thunderx: set tso_hdrs pointer to NULL in\n nicvf_free_snd_queue (networking-stable-18_12_03).\n\n - net: thunderx: set xdp_prog to NULL if bpf_prog_add\n fails (networking-stable-18_12_03).\n\n - net/wan: fix a double free in x25_asy_open_tty()\n (networking-stable-19_01_04).\n\n - nfsd: COPY and CLONE operations require the saved\n filehandle to be set (git-fixes).\n\n - nfsd: Fix an Oops in free_session() (git-fixes).\n\n - nfs: Fix a missed page unlock after pg_doio()\n (git-fixes).\n\n - NFS: Fix up return value on fatal errors in\n nfs_page_async_flush() (git-fixes).\n\n - NFSv4.1: Fix the r/wsize checking (git-fixes).\n\n - NFSv4: Do not exit the state manager without clearing\n NFS4CLNT_MANAGER_RUNNING (git-fixes).\n\n - nvme-multipath: round-robin I/O policy (bsc#1110705).\n\n - omap2fb: Fix stack memory disclosure (bsc#1120902)\n\n - packet: Do not leak dev refcounts on error exit\n (git-fixes).\n\n - packet: validate address length if non-zero\n (networking-stable-19_01_04).\n\n - packet: validate address length\n (networking-stable-19_01_04).\n\n - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).\n\n - phonet: af_phonet: Fix Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34\n scan codes (bsc#1051510).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK\n (bsc#1051510).\n\n - platform/x86: asus-wmi: Tell the EC the OS will handle\n the display off hotkey (bsc#1051510).\n\n - powerpc: Always save/restore checkpointed regs during\n treclaim/trecheckpoint (bsc#1118338).\n\n - powerpc/cacheinfo: Report the correct shared_cpu_map on\n big-cores (bsc#1109695).\n\n - powerpc: Detect the presence of big-cores via 'ibm,\n thread-groups' (bsc#1109695).\n\n - powerpc: make use of for_each_node_by_type() instead of\n open-coding it (bsc#1109695).\n\n - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for\n deep state offline (bsc#1119766, bsc#1055121).\n\n - powerpc/powernv: Clear PECE1 in LPCR via stop-api only\n on Hotplug (bsc#1119766, bsc#1055121).\n\n - powerpc: Remove facility loadups on transactional (fp,\n vec, vsx) unavailable (bsc#1118338).\n\n - powerpc: Remove redundant FP/Altivec giveup code\n (bsc#1118338).\n\n - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n\n - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n\n - powerpc/smp: Add Power9 scheduler topology\n (bsc#1109695).\n\n - powerpc/smp: Rework CPU topology construction\n (bsc#1109695).\n\n - powerpc/smp: Use cpu_to_chip_id() to find core siblings\n (bsc#1109695).\n\n - powerpc/tm: Avoid machine crash on rt_sigreturn\n (bsc#1118338).\n\n - powerpc/tm: Do not check for WARN in TM Bad Thing\n handling (bsc#1118338).\n\n - powerpc/tm: Fix comment (bsc#1118338).\n\n - powerpc/tm: Fix endianness flip on trap (bsc#1118338).\n\n - powerpc/tm: Fix HFSCR bit for no suspend case\n (bsc#1118338).\n\n - powerpc/tm: Fix HTM documentation (bsc#1118338).\n\n - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM\n (bsc#1118338).\n\n - powerpc/tm: P9 disable transactionally suspended\n sigcontexts (bsc#1118338).\n\n - powerpc/tm: Print 64-bits MSR (bsc#1118338).\n\n - powerpc/tm: Print scratch value (bsc#1118338).\n\n - powerpc/tm: Reformat comments (bsc#1118338).\n\n - powerpc/tm: Remove msr_tm_active() (bsc#1118338).\n\n - powerpc/tm: Remove struct thread_info param from\n tm_reclaim_thread() (bsc#1118338).\n\n - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).\n\n - powerpc/tm: Set MSR[TS] just prior to recheckpoint\n (bsc#1118338, bsc#1120955).\n\n - powerpc/tm: Unset MSR[TS] if not recheckpointing\n (bsc#1118338).\n\n - powerpc/tm: Update function prototype comment\n (bsc#1118338).\n\n - powerpc: Use cpu_smallcore_sibling_mask at SMT level on\n bigcores (bsc#1109695).\n\n - powerpc/xmon: Fix invocation inside lock region\n (bsc#1122885).\n\n - pstore/ram: Avoid allocation and leak of platform data\n (bsc#1051510).\n\n - pstore/ram: Avoid NULL deref in ftrace merging failure\n path (bsc#1051510).\n\n - pstore/ram: Correctly calculate usable PRZ bytes\n (bsc#1051510).\n\n - pstore/ram: Do not treat empty buffers as valid\n (bsc#1051510).\n\n - ptp_kvm: probe for kvm guest availability (bsc#1098382).\n\n - ptr_ring: wrap back ->producer in\n __ptr_ring_swap_queue() (networking-stable-19_01_04).\n\n - qed: Avoid constant logical operation warning in\n qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Avoid implicit enum conversion in\n qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313\n bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in\n qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313\n bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in\n qed_set_tunn_cls_info (bsc#1086314 bsc#1086313\n bsc#1086301 ).\n\n - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313\n bsc#1086301).\n\n - qed: Fix blocking/unlimited SPQ entries leak\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix command number mismatch between driver and the\n mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix memory/entry leak in qed_init_sp_request()\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix potential memory corruption (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix PTT leak in qed_drain() (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix QM getters to always return a valid pq\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix rdma_info structure allocation (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix reading wrong value in loop condition\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qla2xxx: Fixup dual-protocol FCP connections\n (bsc#1108870).\n\n - qmi_wwan: Added support for Fibocom NL668 series\n (networking-stable-19_01_04).\n\n - qmi_wwan: Added support for Telit LN940 series\n (networking-stable-19_01_04).\n\n - qmi_wwan: Add support for Fibocom NL678 series\n (networking-stable-19_01_04).\n\n - rapidio/rionet: do not free skb before reading its\n length (networking-stable-18_12_03).\n\n - RDMA/core: Fix unwinding flow in case of error to\n register device (bsc#1046306).\n\n - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode\n again' (bsc#1051510).\n\n - rpm/release-projects: Add SUSE:Maintenance:* for MU\n kernels (bsc#1123317)\n\n - rtnetlink: ndo_dflt_fdb_dump() only work for\n ARPHRD_ETHER devices (networking-stable-18_12_12).\n\n - s390/zcrypt: fix specification exception on z196 during\n ap probe (LTC#174936, bsc#1123061).\n\n - sbus: char: add of_node_put() (bsc#1051510).\n\n - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi\n 5.0/scsi-fixes\n\n - scripts/git_sort/git_sort.py: Add s390/linux.git fixes.\n\n - scsi: qedi: Add ep_state for login completion on\n un-reachable targets (bsc#1113712).\n\n - scsi: qla2xxx: Timeouts occur on surprise removal of\n QLogic adapter (bsc#1124985).\n\n - scsi: target: make the pi_prot_format ConfigFS path\n readable (bsc#1123933).\n\n - sctp: initialize sin6_flowinfo for ipv6 addrs in\n sctp_inet6addr_event (networking-stable-19_01_04).\n\n - sctp: kfree_rcu asoc (networking-stable-18_12_12).\n\n - selftests/powerpc: Use snprintf to construct DSCR sysfs\n interface paths (bsc#1124579).\n\n - selinux: Add __GFP_NOWARN to allocation at str_read()\n (bsc#1051510).\n\n - selinux: fix GPF on invalid policy (bsc#1051510).\n\n - serial: imx: fix error handling in console_setup\n (bsc#1051510).\n\n - serial: set suppress_bind_attrs flag only if builtin\n (bsc#1051510).\n\n - serial/sunsu: fix refcount leak (bsc#1051510).\n\n - serial: uartps: Fix interrupt mask issue to handle the\n RX interrupts properly (bsc#1051510).\n\n - shmem: introduce shmem_inode_acct_block (VM\n Functionality, bsc#1121599).\n\n - shmem: shmem_charge: verify max_block is not exceeded\n before inode update (VM Functionality, bsc#1121599).\n\n - signal: Always deliver the kernel's SIGKILL and SIGSTOP\n to a pid namespace init (git-fixes).\n\n - slab: alien caches must not be initialized if the\n allocation of the alien cache failed (git fixes\n (mm/slab)).\n\n - smb3.1.1 dialect is no longer experimental\n (bsc#1051510).\n\n - smb311: Fix reconnect (bsc#1051510).\n\n - smb3: Add support for multidialect negotiate (SMB2.1 and\n later) (bsc#1051510).\n\n - smb3: allow stats which track session and share\n reconnects to be reset (bsc#1051510).\n\n - smb3: Backup intent flag missing for directory opens\n with backupuid mounts (bsc#1051510).\n\n - smb3: check for and properly advertise directory lease\n support (bsc#1051510).\n\n - smb3: directory sync should not return an error\n (bsc#1051510).\n\n - smb3: do not attempt cifs operation in smb3 query info\n error path (bsc#1051510).\n\n - smb3: do not request leases in symlink creation and\n query (bsc#1051510).\n\n - smb3: Do not send SMB3 SET_INFO if nothing changed\n (bsc#1051510).\n\n - smb3: enumerating snapshots was leaving part of the data\n off end (bsc#1051510).\n\n - smb3: Fix length checking of SMB3.11 negotiate request\n (bsc#1051510).\n\n - smb3: Fix root directory when server returns inode\n number of zero (bsc#1051510).\n\n - smb3: fix various xid leaks (bsc#1051510).\n\n - smb3: Improve security, move default dialect to SMB3\n from old CIFS (bsc#1051510).\n\n - smb3: on kerberos mount if server does not specify auth\n type use krb5 (bsc#1051510).\n\n - smb3: Remove ifdef since SMB3 (and later) now STRONGLY\n preferred (bsc#1051510).\n\n - smb3: simplify code by removing CONFIG_CIFS_SMB311\n (bsc#1051510).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121\n rev B1 (bsc#1051510).\n\n - sunrpc: correct the computation for page_ptr when\n truncating (git-fixes).\n\n - sunrpc: Fix a potential race in xprt_connect()\n (git-fixes).\n\n - sunrpc: Fix leak of krb5p encode pages (git-fixes).\n\n - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).\n\n - sunrpc: safely reallow resvport min/max inversion\n (git-fixes).\n\n - tcp: Do not underestimate rwnd_limited\n (networking-stable-18_12_12).\n\n - tcp: fix a race in inet_diag_dump_icsk()\n (networking-stable-19_01_04).\n\n - tcp: fix NULL ref in tail loss probe\n (networking-stable-18_12_12).\n\n - tcp: lack of available data can also cause TSO defer\n (git-fixes).\n\n - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check\n (bsc#1051510).\n\n - tipc: compare remote and local protocols in\n tipc_udp_enable() (networking-stable-19_01_04).\n\n - tipc: fix a double kfree_skb()\n (networking-stable-19_01_04).\n\n - tipc: use lock_sock() in tipc_sk_reinit()\n (networking-stable-19_01_04).\n\n - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock'\n (bsc#1121973).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc\n present (bsc#1051510).\n\n - tty: Handle problem if line discipline does not have\n receive_buf (bsc#1051510).\n\n - tty/n_hdlc: fix __might_sleep warning (bsc#1051510).\n\n - tty/serial: do not free trasnmit buffer page under port\n lock (bsc#1051510).\n\n - tun: forbid iface creation with rtnl ops\n (networking-stable-18_12_12).\n\n - uart: Fix crash in uart_write and uart_put_char\n (bsc#1051510).\n\n - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70\n RGB (bsc#1120902).\n\n - usb: cdc-acm: send ZLP for Telit 3G Intel based modems\n (bsc#1120902).\n\n - usb: dwc3: gadget: Clear req->needs_extra_trb flag on\n cleanup (bsc#1120902).\n\n - usb: dwc3: trace: add missing break statement to make\n compiler happy (bsc#1120902).\n\n - usbnet: ipheth: fix potential recvmsg bug and recvmsg\n bug 2 (networking-stable-18_12_03).\n\n - usb: serial: option: add Fibocom NL678 series\n (bsc#1120902).\n\n - usb: serial: pl2303: add ids for Hewlett-Packard HP POS\n pole displays (bsc#1120902).\n\n - usb: storage: add quirk for SMI SM3350 (bsc#1120902).\n\n - usb: storage: do not insert sane sense for SPC3+ when\n bad sense specified (bsc#1120902).\n\n - usb: xhci: fix 'broken_suspend' placement in struct\n xchi_hcd (bsc#1119086).\n\n - vfs: Avoid softlockups in drop_pagecache_sb()\n (bsc#1118505).\n\n - vhost: make sure used idx is seen before log in\n vhost_add_used_n() (networking-stable-19_01_04).\n\n - virtio-net: fail XDP set if guest csum is negotiated\n (networking-stable-18_12_03).\n\n - virtio-net: keep vnet header zeroed after processing XDP\n (networking-stable-18_12_12).\n\n - vsock: Send reset control packet when socket is\n partially bound (networking-stable-19_01_04).\n\n - vt: invoke notifier on screen size change (bsc#1051510).\n\n - watchdog: w83627hf_wdt: Add quirk for Inves system\n (bsc#1106434).\n\n - writeback: do not decrement wb->refcnt if !wb->bdi (git\n fixes (writeback)).\n\n - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).\n\n - x86/bugs: Update when to check for the LS_CFG SSBD\n mitigation (bsc#1114279).\n\n - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock\n (bsc#1098382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal\n error in mce_no_way_out() (bsc#1114279).\n\n - x86/microcode/amd: Do not falsely trick the late loading\n mechanism (bsc#1114279).\n\n - x86/mm: Drop usage of __flush_tlb_all() in\n kernel_physical_mapping_init() (bsc#1114279).\n\n - x86, modpost: Replace last remnants of RETPOLINE with\n CONFIG_RETPOLINE (bsc#1114279).\n\n - x86/pvclock: add setter for pvclock_pvti_cpu0_va\n (bsc#1098382).\n\n - x86/resctrl: Fix rdt_find_domain() return value and\n checks (bsc#1114279).\n\n - x86/speculation: Add RETPOLINE_AMD support to the inline\n asm CALL_NOSPEC variant (bsc#1114279).\n\n - x86/speculation: Remove redundant arch_smt_update()\n invocation (bsc#1114279).\n\n - x86/xen/time: Output xen sched_clock time from 0\n (bsc#1098382).\n\n - x86/xen/time: set pvclock flags on xen_time_init()\n (bsc#1098382).\n\n - x86/xen/time: setup vcpu 0 time info page (bsc#1098382).\n\n - xen: Fix x86 sched_clock() interface for xen\n (bsc#1098382).\n\n - xhci: Add quirk to zero 64bit registers on Renesas PCIe\n controllers (bsc#1120854).\n\n - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC\n (bsc#1119086).\n\n - xprtrdma: Reset credit grant properly after a disconnect\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=802154\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20669\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:29:12", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - tcp: integer overflow while processing SACK blocks allows remote denial of service. An integer overflow was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service.\n\n - nfs: NULL pointer dereference due to an anomalized NFS message sequence. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-068)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871", "CVE-2019-11477"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-068.NASL", "href": "https://www.tenable.com/plugins/nessus/133458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133458);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2019-11477\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-068)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - tcp: integer overflow while processing SACK blocks\n allows remote denial of service. An integer overflow\n was found in the way the Linux kernel's networking\n subsystem processed TCP Selective Acknowledgment (SACK)\n segments. While processing SACK segments, the Linux\n kernel's socket buffer (SKB) data structure becomes\n fragmented. Each fragment is about TCP maximum segment\n size (MSS) bytes. To efficiently process SACK blocks,\n the Linux kernel merges multiple fragmented SKBs into\n one, potentially overflowing the variable holding the\n number of segments. A remote attacker could use this\n flaw to crash the Linux kernel by sending a crafted\n sequence of SACK segments on a TCP connection with\n small value of TCP MSS, resulting in a denial of\n service.\n\n - nfs: NULL pointer dereference due to an anomalized NFS\n message sequence. An attacker, who is able to mount an\n exported NFS filesystem, is able to trigger a null\n pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server\n will be lost.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-068\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f75313dd\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6382ef0\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fce0b0f5\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1193994a\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0f897ef\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f4cb69c\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e46c367\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a97adc25\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34a0ef2a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.17.1.vz7.43.10\",\n \"patch\",\"readykernel-patch-43.10-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.11.6.vz7.64.7\",\n \"patch\",\"readykernel-patch-63.3-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-64.7-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n \"patch\",\"readykernel-patch-73.24-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-73.29-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.10.1.vz7.85.17\",\n \"patch\",\"readykernel-patch-85.17-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.86.2\",\n \"patch\",\"readykernel-patch-86.2-85.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:51:05", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14127-1 advisory.\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. (CVE-2018-5390)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). (CVE-2019-3896)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14127-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20836", "CVE-2018-5390", "CVE-2019-12614", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3896"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigmem", "p-cpe:/a:novell:suse_linux:kernel-bigmem-base", "p-cpe:/a:novell:suse_linux:kernel-bigmem-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-ppc64", "p-cpe:/a:novell:suse_linux:kernel-ppc64-base", "p-cpe:/a:novell:suse_linux:kernel-ppc64-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14127-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150512", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14127-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150512);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2018-5390\",\n \"CVE-2018-20836\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3896\",\n \"CVE-2019-12614\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14127-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14127-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14127-1 advisory.\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and\n tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. (CVE-2018-5390)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before\n 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the\n mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged\n local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service\n (DoS). (CVE-2019-3896)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1063416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1090078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1134835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1135650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1137194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1138943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139751\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-July/005734.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93126b66\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3896\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'kernel-default-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.98', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.98', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.98', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.98', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.98', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:22", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4670 advisory.\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.\n depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. (CVE-2019-11815)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (root) can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. (CVE-2019-3819)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14633", "CVE-2018-20836", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3459", "CVE-2019-3819"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4670.NASL", "href": "https://www.tenable.com/plugins/nessus/125755", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4670.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125755);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-14633\",\n \"CVE-2018-20836\",\n \"CVE-2019-3459\",\n \"CVE-2019-3819\",\n \"CVE-2019-11810\",\n \"CVE-2019-11815\",\n \"CVE-2019-11884\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4670 advisory.\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux\n kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote\n attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the\n iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.\n depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and\n thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is\n highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a\n race condition leading to a use-after-free, related to net namespace cleanup. (CVE-2019-11815)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a\n local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command,\n because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before\n 5.1-rc1. (CVE-2019-3459)\n\n - A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c\n file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged\n user (root) can cause a system lock up and a denial of service. Versions from v4.18 and newer are\n vulnerable. (CVE-2019-3819)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4670.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.28.1.el6uek', '4.1.12-124.28.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4670');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.28.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.28.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.28.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.28.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-05T15:45:37", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic.\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow.\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c.\n\n - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c.\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c.\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service.\n\n - kernel: offset2lib allows for the stack guard page to be jumped over.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000371", "CVE-2019-15916", "CVE-2019-17055", "CVE-2019-17133", "CVE-2019-17666", "CVE-2020-10711", "CVE-2020-11565", "CVE-2020-8648"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2020-037.NASL", "href": "https://www.tenable.com/plugins/nessus/136804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136804);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2017-1000371\",\n \"CVE-2019-15916\",\n \"CVE-2019-17055\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2020-8648\",\n \"CVE-2020-10711\",\n \"CVE-2020-11565\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - Kernel: NetLabel: null pointer dereference while\n receiving CIPSO packet with null category may cause\n kernel panic.\n\n - kernel: rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel lacks a certain upper-bound check, leading to a\n buffer overflow.\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid\n in net/wireless/wext-sme.c.\n\n - kernel: out-of-bounds write in mpol_parse_str function\n in mm/mempolicy.c.\n\n - kernel: use-after-free in n_tty_receive_buf_common\n function in drivers/tty/n_tty.c.\n\n - kernel: unprivileged users able to create RAW sockets\n in AF_ISDN network protocol.\n\n - kernel: memory leak in register_queue_kobjects() in\n net/core/net-sysfs.c leads to denial of service.\n\n - kernel: offset2lib allows for the stack guard page to\n be jumped over.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2020-037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3757\",\n \"vzkernel-2.6.32-042stab144.1\",\n \"vzkernel-devel-2.6.32-042stab144.1\",\n \"vzkernel-firmware-2.6.32-042stab144.1\",\n \"vzmodules-2.6.32-042stab144.1\",\n \"vzmodules-devel-2.6.32-042stab144.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:35:04", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0831 advisory.\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-18T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:0831)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14895", "CVE-2019-17666"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_e4s:8.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-cross-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-perf:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0831.NASL", "href": "https://www.tenable.com/plugins/nessus/134670", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0831. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134670);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-14895\", \"CVE-2019-17666\");\n script_xref(name:\"RHSA\", value:\"2020:0831\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:0831)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0831 advisory.\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14895', 'CVE-2019-17666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0831');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-80.16.1.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.16.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:36:58", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1347 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-07T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:1347)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14816", "CVE-2019-17666"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1347.NASL", "href": "https://www.tenable.com/plugins/nessus/135252", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1347. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135252);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-14816\", \"CVE-2019-17666\");\n script_xref(name:\"RHSA\", value:\"2020:1347\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:1347)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1347 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14816', 'CVE-2019-17666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1347');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.65.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.65.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:33:46", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5535 advisory.\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5535)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17666", "CVE-2019-19332"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5535.NASL", "href": "https://www.tenable.com/plugins/nessus/133711", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5535.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133711);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-17666\", \"CVE-2019-19332\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5535)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5535 advisory.\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a\n certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5535.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.36.1.el6uek', '4.1.12-124.36.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5535');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.36.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.36.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.36.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.36.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.36.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.36.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.36.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.36.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.36.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.36.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.36.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.36.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-05T15:43:26", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1524 advisory.\n\n - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-22T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2020:1524)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000371", "CVE-2019-17666"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_els:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-1524.NASL", "href": "https://www.tenable.com/plugins/nessus/135910", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1524. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135910);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2017-1000371\", \"CVE-2019-17666\");\n script_bugtraq_id(99131);\n script_xref(name:\"RHSA\", value:\"2020:1524\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2020:1524)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1524 advisory.\n\n - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-1000371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1462158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 120);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2017-1000371', 'CVE-2019-17666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1524');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/system-z/6/6Server/s390x/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/os',\n 'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/os',\n 'content/fastrack/rhel/system-z/6/s390x/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-firmware-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-2.6.32-754.29.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-2.6.32-754.29.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.29.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-05T15:43:26", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1524 advisory.\n\n - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-28T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2020:1524) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000371", "CVE-2019-17666"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2020-1524.NASL", "href": "https://www.tenable.com/plugins/nessus/136020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1524 and \n# CentOS Errata and Security Advisory 2020:1524 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136020);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2017-1000371\", \"CVE-2019-17666\");\n script_xref(name:\"RHSA\", value:\"2020:1524\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2020:1524) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1524 advisory.\n\n - kernel: offset2lib allows for the stack guard page to be\n jumped over (CVE-2017-1000371)\n\n - kernel: rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel lacks a certain upper-bound check, leading to a\n buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-April/035703.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c141be78\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-754.29.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-05T15:44:21", "description": "Security Fix(es) :\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-24T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200422) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000371", "CVE-2019-17666"], "modified": "2020-04-28T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200422_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135959);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/28\");\n\n script_cve_id(\"CVE-2017-1000371\", \"CVE-2019-17666\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200422) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - kernel: rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel lacks a certain upper-bound check, leading to a\n buffer overflow (CVE-2019-17666)\n\n - kernel: offset2lib allows for the stack guard page to be\n jumped over (CVE-2017-1000371)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=29160\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11aabf84\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-754.29.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-754.29.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:37:14", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1353 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-07T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel-rt (RHSA-2020:1353)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14816", "CVE-2019-17666"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-firmware:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-trace-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-vanilla:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-vanilla-devel:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1353.NASL", "href": "https://www.tenable.com/plugins/nessus/135248", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1353. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135248);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-14816\", \"CVE-2019-17666\");\n script_xref(name:\"RHSA\", value:\"2020:1353\");\n\n script_name(english:\"RHEL 6 : kernel-rt (RHSA-2020:1353)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1353 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14816', 'CVE-2019-17666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1353');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g-execute/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-g/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-m/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-mgmt/2/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/os',\n 'content/dist/rhel/server/6/6Server/x86_64/mrg-r/2/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-debug-devel-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-devel-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-doc-3.10.0-693.65.1.rt56.663.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-firmware-3.10.0-693.65.1.rt56.663.el6rt', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-trace-devel-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'},\n {'reference':'kernel-rt-vanilla-devel-3.10.0-693.65.1.rt56.663.el6rt', 'cpu':'x86_64', 'release':'6', 'el_string':'el6rt', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'mrg-release'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / kernel-rt-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T15:00:42", "description": "Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835)\n\nIt was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030)\n\nIt was discovered that the Linux kernel on PowerPC architectures did not properly handle exceptions on interrupts in some situations. A local attacker could use this to expose sensitive information.\n(CVE-2019-15031).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Linux kernel vulnerabilities (USN-4135-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4135-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129049", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4135-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129049);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-14835\", \"CVE-2019-15030\", \"CVE-2019-15031\");\n script_xref(name:\"USN\", value:\"4135-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Linux kernel vulnerabilities (USN-4135-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Peter Pi discovered a buffer overflow in the virtio network backend\n(vhost_net) implementation in the Linux kernel. An attacker in a guest\nmay be able to use this to cause a denial of service (host OS crash)\nor possibly execute arbitrary code in the host OS. (CVE-2019-14835)\n\nIt was discovered that the Linux kernel on PowerPC architectures did\nnot properly handle Facility Unavailable exceptions in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2019-15030)\n\nIt was discovered that the Linux kernel on PowerPC architectures did\nnot properly handle exceptions on interrupts in some situations. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2019-15031).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4135-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14835\", \"CVE-2019-15030\", \"CVE-2019-15031\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4135-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1025-oracle\", pkgver:\"4.15.0-1025.28~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1044-gcp\", pkgver:\"4.15.0-1044.46\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1050-aws\", pkgver:\"4.15.0-1050.52~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1059-azure\", pkgver:\"4.15.0-1059.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-64-generic\", pkgver:\"4.15.0-64.73~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-64-generic-lpae\", pkgver:\"4.15.0-64.73~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-64-lowlatency\", pkgver:\"4.15.0-64.73~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1058-kvm\", pkgver:\"4.4.0-1058.65\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1094-aws\", pkgver:\"4.4.0-1094.105\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1122-raspi2\", pkgver:\"4.4.0-1122.131\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1126-snapdragon\", pkgver:\"4.4.0-1126.132\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-164-generic\", pkgver:\"4.4.0-164.192\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-164-generic-lpae\", pkgver:\"4.4.0-164.192\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-164-lowlatency\", pkgver:\"4.4.0-164.192\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1094.98\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1050.50\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1059.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1044.58\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.164.172\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.64.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.164.172\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.64.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1044.58\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1058.58\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.164.172\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.64.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.64.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1025.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1122.122\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1126.118\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.164.172\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.64.84\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1025-oracle\", pkgver:\"4.15.0-1025.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1044-gcp\", pkgver:\"4.15.0-1044.70\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1044-gke\", pkgver:\"4.15.0-1044.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1046-kvm\", pkgver:\"4.15.0-1046.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1047-raspi2\", pkgver:\"4.15.0-1047.51\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1050-aws\", pkgver:\"4.15.0-1050.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1056-oem\", pkgver:\"4.15.0-1056.65\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1064-snapdragon\", pkgver:\"4.15.0-1064.71\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-64-generic\", pkgver:\"4.15.0-64.73\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-64-generic-lpae\", pkgver:\"4.15.0-64.73\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-64-lowlatency\", pkgver:\"4.15.0-64.73\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1017-gke\", pkgver:\"5.0.0-1017.17~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1020-azure\", pkgver:\"5.0.0-1020.21~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-29-generic\", pkgver:\"5.0.0-29.31~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-29-generic-lpae\", pkgver:\"5.0.0-29.31~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-29-lowlatency\", pkgver:\"5.0.0-29.31~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1050.49\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1020.30\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1044.70\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.64.66\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"5.0.0.29.86\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.64.66\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"5.0.0.29.86\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1044.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1044.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.0\", pkgver:\"5.0.0.1017.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1046.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.64.66\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"5.0.0.29.86\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1056.60\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1025.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1047.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.1064.67\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"5.0.0.29.86\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.64.66\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"5.0.0.29.86\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1016-aws\", pkgver:\"5.0.0-1016.18\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1017-gcp\", pkgver:\"5.0.0-1017.17\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1017-kvm\", pkgver:\"5.0.0-1017.18\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1017-raspi2\", pkgver:\"5.0.0-1017.17\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1020-azure\", pkgver:\"5.0.0-1020.21\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1021-snapdragon\", pkgver:\"5.0.0-1021.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-29-generic\", pkgver:\"5.0.0-29.31\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-29-generic-lpae\", pkgver:\"5.0.0-29.31\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-29-lowlatency\", pkgver:\"5.0.0-29.31\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1016.17\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1020.19\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1017.43\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.29.30\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.29.30\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1017.43\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1017.17\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.29.30\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1017.14\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.0.0.1021.14\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.29.30\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:20:29", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThis update adds support for the Hygon Dhyana CPU (fate#327735).\n\nThe following security bugs were fixed :\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).\n\nCVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103).\n\nCVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1744-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871", "CVE-2019-12614", "CVE-2019-12817"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-debug-base", "p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-debug-devel", "p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1744-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126499", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1744-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126499);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2019-12614\", \"CVE-2019-12817\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1744-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThis update adds support for the Hygon Dhyana CPU (fate#327735).\n\nThe following security bugs were fixed :\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in\narch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup\nof prop->name, which might allow an attacker to cause a denial of\nservice (NULL pointer dereference and system crash) (bnc#1137194).\n\nCVE-2018-16871: A NULL pointer dereference due to an anomalized NFS\nmessage sequence was fixed. (bnc#1137103).\n\nCVE-2019-12817: On the PowerPC architecture, local attackers could\naccess other users processes memory (bnc#1138263).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16871/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12614/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12817/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191744-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2c9bf18\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch\nSUSE-SLE-Product-WE-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch\nSUSE-SLE-Product-HA-15-SP1-2019-1744=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12817\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:17:16", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Linux PHSA-2019-3.0-0015", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3887", "CVE-2019-9857"], "modified": "2019-06-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/126115", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126115);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/06/26 10:34:07\");\n\n script_cve_id(\n \"CVE-2019-11487\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11815\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3887\",\n \"CVE-2019-9857\"\n );\n script_bugtraq_id(\n 106565,\n 107527,\n 107850,\n 107910,\n 108054,\n 108113,\n 108283,\n 108286\n );\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2019-3.0-0015\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0015.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-api-headers-4.19.40-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-drivers-gpu-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-oprofile-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-sound-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-tools-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-gpu-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-sound-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-oprofile-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-debuginfo-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-devel-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-docs-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-lkcm-4.19.40-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-tools-4.19.40-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:26:52", "description": "It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information (kernel memory). (CVE-2017-1000410)\n\nIt was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18360)\n\nMathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824)\n\nShlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel.\nAn attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460)\n\nJann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974)\n\nFelix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM).\n(CVE-2019-7222)\n\nJann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3933-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000410", "CVE-2017-18360", "CVE-2018-19824", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7222", "CVE-2019-9213"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3933-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3933-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123682);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000410\", \"CVE-2017-18360\", \"CVE-2018-19824\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2019-9213\");\n script_xref(name:\"USN\", value:\"3933-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3933-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that an information leak vulnerability existed in\nthe Bluetooth implementation of the Linux kernel. An attacker within\nBluetooth range could possibly expose sensitive information (kernel\nmemory). (CVE-2017-1000410)\n\nIt was discovered that the USB serial device driver in the Linux\nkernel did not properly validate baud rate settings when debugging is\nenabled. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-18360)\n\nMathias Payer and Hui Peng discovered a use-after-free vulnerability\nin the Advanced Linux Sound Architecture (ALSA) subsystem. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-19824)\n\nShlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an\ninformation leak in the Bluetooth implementation of the Linux kernel.\nAn attacker within Bluetooth range could use this to expose sensitive\ninformation (kernel memory). (CVE-2019-3459, CVE-2019-3460)\n\nJann Horn discovered that the KVM implementation in the Linux kernel\ncontained a use-after-free vulnerability. An attacker in a guest VM\nwith access to /dev/kvm could use this to cause a denial of service\n(guest VM crash). (CVE-2019-6974)\n\nFelix Wilhelm discovered that an information leak vulnerability\nexisted in the KVM subsystem of the Linux kernel, when nested\nvirtualization is used. A local attacker could use this to expose\nsensitive information (host system memory to a guest VM).\n(CVE-2019-7222)\n\nJann Horn discovered that the mmap implementation in the Linux kernel\ndid not properly check for the mmap minimum address in some\nsituations. A local attacker could use this to assist exploiting a\nkernel NULL pointer dereference vulnerability. (CVE-2019-9213).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3933-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000410\", \"CVE-2017-18360\", \"CVE-2018-19824\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-6974\", \"CVE-2019-7222\", \"CVE-2019-9213\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3933-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-168-generic\", pkgver:\"3.13.0-168.218\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-168-generic-lpae\", pkgver:\"3.13.0-168.218\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-168-lowlatency\", pkgver:\"3.13.0-168.218\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.168.179\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.168.179\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.168.179\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual\", pkgver:\"3.13.0.168.179\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:26:52", "description": "The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728)\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nCVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0901-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18249", "CVE-2019-2024", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-9213"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0901-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0901-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123927);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2017-18249\",\n \"CVE-2019-2024\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0901-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176\nto receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed\nwhich could lead to crashes. bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the\nmmap minimum address, which made it easier for attackers to exploit\nkernel NULL pointer dereferences on non-SMAP platforms. This is\nrelated to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, leading to\na use-after-free. (bnc#1124728)\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two\nremote information leak vulnerabilities in the code that handles\nincoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-7221: Fixed a use-after-free vulnerability in the KVM\nhypervisor related to the emulation of a preemption timer, allowing an\nguest user/process to crash the host kernel. (bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor\nrelated to handling page fault exceptions, which allowed a guest\nuser/process to use this flaw to leak the host's stack memory contents\nto a guest (bsc#1124735).\n\nCVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not\nproperly track an allocated nid, which allowed local users to cause a\ndenial of service (race condition) or possibly have unspecified other\nimpact via concurrent threads (bnc#1087036).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18249/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2024/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7222/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9213/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190901-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fced5977\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-901=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2024\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-4.4.176-4.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.4.176-4.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.4.176-4.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.4.176-4.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.4.176-4.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.4.176-4.25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.4.176-4.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:22", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - hugetlbfs: don't retry when pool page allocations start to fail (Mike Kravetz) [Orabug: 29324267]\n\n - x86/speculation: RSB stuffing with retpoline on Skylake+ cpus (William Roche) [Orabug: 29660924]\n\n - x86/speculation: reformatting RSB overwrite macro (William Roche) [Orabug: 29660924]\n\n - x86/speculation: Dynamic enable and disable of RSB stuffing with IBRS&!SMEP (William Roche) [Orabug:\n 29660924]\n\n - x86/speculation: STUFF_RSB dynamic enable (William Roche) [Orabug: 29660924]\n\n - int3 handler better address space detection on interrupts (William Roche) [Orabug: 29660924]\n\n - repairing out-of-tree build functionality (Mark Nicholson) [Orabug: 29755100]\n\n - ext4: fix false negatives*and* false positives in ext4_check_descriptors (Shuning Zhang) [Orabug:\n 29797007]\n\n - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (Shuning Zhang) [Orabug: 29233739]\n\n - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (Marcel Holtmann) [Orabug: 29526426] (CVE-2019-3459)\n\n - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426] (CVE-2019-3459)\n\n - HID: debug: fix the ring buffer implementation (Vladis Dronov) [Orabug: 29629481] (CVE-2019-3819) (CVE-2019-3819)\n\n - scsi: target: iscsi: Use hex2bin instead of a re-implementation (Vincent Pelletier) [Orabug: 29778875] (CVE-2018-14633) (CVE-2018-14633)\n\n - scsi: libsas: fix a race condition when smp task timeout (Jason Yan) [Orabug: 29783225] (CVE-2018-20836)\n\n - scsi: megaraid_sas: return error when create DMA pool failed (Jason Yan) [Orabug: 29783254] (CVE-2019-11810)\n\n - Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786786] (CVE-2011-1079) (CVE-2019-11884)\n\n - x86/speculation/mds: Add 'mitigations=' support for MDS (Kanth Ghatraju) [Orabug: 29791046]\n\n - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock. (Mao Wenan) [Orabug: 29802785] (CVE-2019-11815)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1079", "CVE-2018-14633", "CVE-2018-20836", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3459", "CVE-2019-3819"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2019-0024.NASL", "href": "https://www.tenable.com/plugins/nessus/125754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0024.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125754);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2011-1079\", \"CVE-2018-14633\", \"CVE-2018-20836\", \"CVE-2019-11810\", \"CVE-2019-11815\", \"CVE-2019-11884\", \"CVE-2019-3459\", \"CVE-2019-3819\");\n script_bugtraq_id(46616);\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - hugetlbfs: don't retry when pool page allocations start\n to fail (Mike Kravetz) [Orabug: 29324267]\n\n - x86/speculation: RSB stuffing with retpoline on Skylake+\n cpus (William Roche) [Orabug: 29660924]\n\n - x86/speculation: reformatting RSB overwrite macro\n (William Roche) [Orabug: 29660924]\n\n - x86/speculation: Dynamic enable and disable of RSB\n stuffing with IBRS&!SMEP (William Roche) [Orabug:\n 29660924]\n\n - x86/speculation: STUFF_RSB dynamic enable (William\n Roche) [Orabug: 29660924]\n\n - int3 handler better address space detection on\n interrupts (William Roche) [Orabug: 29660924]\n\n - repairing out-of-tree build functionality (Mark\n Nicholson) [Orabug: 29755100]\n\n - ext4: fix false negatives*and* false positives in\n ext4_check_descriptors (Shuning Zhang) [Orabug:\n 29797007]\n\n - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget\n (Shuning Zhang) [Orabug: 29233739]\n\n - Bluetooth: Verify that l2cap_get_conf_opt provides large\n enough buffer (Marcel Holtmann) [Orabug: 29526426]\n (CVE-2019-3459)\n\n - Bluetooth: Check L2CAP option sizes returned from\n l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426]\n (CVE-2019-3459)\n\n - HID: debug: fix the ring buffer implementation (Vladis\n Dronov) [Orabug: 29629481] (CVE-2019-3819)\n (CVE-2019-3819)\n\n - scsi: target: iscsi: Use hex2bin instead of a\n re-implementation (Vincent Pelletier) [Orabug: 29778875]\n (CVE-2018-14633) (CVE-2018-14633)\n\n - scsi: libsas: fix a race condition when smp task timeout\n (Jason Yan) [Orabug: 29783225] (CVE-2018-20836)\n\n - scsi: megaraid_sas: return error when create DMA pool\n failed (Jason Yan) [Orabug: 29783254] (CVE-2019-11810)\n\n - Bluetooth: hidp: fix buffer overflow (Young Xiao)\n [Orabug: 29786786] (CVE-2011-1079) (CVE-2019-11884)\n\n - x86/speculation/mds: Add 'mitigations=' support for MDS\n (Kanth Ghatraju) [Orabug: 29791046]\n\n - net: rds: force to destroy connection if t_sock is NULL\n in rds_tcp_kill_sock. (Mao Wenan) [Orabug: 29802785]\n (CVE-2019-11815)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000943.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.28.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.28.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:37:21", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)\n\n - Non-optimized code for key handling of shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix, the page lock was an unnecessarily heavy lock for the futex path that protected too much. After the fix, the page lock is only required in a specific corner case.(CVE-2018-9422)\n\n - A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function.(CVE-2019-11190)\n\n - A flaw was found in the Linux kernel ext4 filesystem.\n An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.(CVE-2018-10877)\n\n - A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.(CVE-2019-6133)\n\n - A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.(CVE-2018-19985)\n\n - A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3460)\n\n - A flaw was found in the Linux kernels implementation of Logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3459)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-16884)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13168", "CVE-2018-10877", "CVE-2018-16884", "CVE-2018-19985", "CVE-2018-9422", "CVE-2019-11190", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6133"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1304.NASL", "href": "https://www.tenable.com/plugins/nessus/124431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124431);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2017-13168\",\n \"CVE-2018-9422\",\n \"CVE-2018-10877\",\n \"CVE-2018-16884\",\n \"CVE-2018-19985\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-6133\",\n \"CVE-2019-11190\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An elevation of privilege vulnerability in the kernel\n scsi driver. Product: Android. Versions: Android\n kernel. Android ID A-65023233.(CVE-2017-13168)\n\n - Non-optimized code for key handling of shared futexes\n was found in the Linux kernel in the form of unbounded\n contention time due to the page lock for real-time\n users. Before the fix, the page lock was an\n unnecessarily heavy lock for the futex path that\n protected too much. After the fix, the page lock is\n only required in a specific corner case.(CVE-2018-9422)\n\n - A flaw in the load_elf_binary() function in the Linux\n kernel allows a local attacker to leak the base address\n of .text and stack sections for setuid binaries and\n bypass ASLR because install_exec_creds() is called too\n late in this function.(CVE-2019-11190)\n\n - A flaw was found in the Linux kernel ext4 filesystem.\n An out-of-bound access is possible in the\n ext4_ext_drop_refs() function when operating on a\n crafted ext4 filesystem image.(CVE-2018-10877)\n\n - A vulnerability was found in polkit. When\n authentication is performed by a non-root user to\n perform an administrative task, the authentication is\n temporarily cached in such a way that a local attacker\n could impersonate the authorized process, thus gaining\n access to elevated privileges.(CVE-2019-6133)\n\n - A flaw was found in the Linux kernel in the function\n hso_probe() which reads if_num value from the USB\n device (as an u8) and uses it without a length check to\n index an array, resulting in an OOB memory read in\n hso_probe() or hso_get_config_data(). An attacker with\n a forged USB device and physical access to a system\n (needed to connect such a device) can cause a system\n crash and a denial of service.(CVE-2018-19985)\n\n - A flaw was found in the Linux kernel's implementation\n of logical link control and adaptation protocol\n (L2CAP), part of the Bluetooth stack in the\n l2cap_parse_conf_rsp and l2cap_parse_conf_req\n functions. An attacker with physical access within the\n range of standard Bluetooth transmission can create a\n specially crafted packet. The response to this\n specially crafted packet can contain part of the kernel\n stack which can be used in a further\n attack.(CVE-2019-3460)\n\n - A flaw was found in the Linux kernels implementation of\n Logical link control and adaptation protocol (L2CAP),\n part of the Bluetooth stack. An attacker with physical\n access within the range of standard Bluetooth\n transmission can create a specially crafted packet. The\n response to this specially crafted packet can contain\n part of the kernel stack which can be used in a further\n attack.(CVE-2019-3459)\n\n - A flaw was found in the Linux kernel's NFS41+\n subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process()\n use wrong back-channel IDs and cause a use-after-free\n vulnerability. Thus a malicious container user can\n cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out.(CVE-2018-16884)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1304\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dffc7b05\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9422\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"kernel-debuginfo-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"kernel-debuginfo-common-x86_64-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"perf-3.10.0-862.14.0.1.h137.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.0.1.h137.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:37:56", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1465 advisory.\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:1465)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-17666", "CVE-2019-19338"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_eus:7.6:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1465.NASL", "href": "https://www.tenable.com/plugins/nessus/135457", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1465. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135457);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-17666\", \"CVE-2019-19338\");\n script_xref(name:\"RHSA\", value:\"2020:1465\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:1465)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1465 advisory.\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 203, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-17666', 'CVE-2019-19338');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1465');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.48.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:35:23", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1372 advisory.\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via an interrupt (CVE-2019-15031)\n\n - kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2020:1372)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15030", "CVE-2019-15031", "CVE-2019-18660", "CVE-2019-19527"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2020-1372.NASL", "href": "https://www.tenable.com/plugins/nessus/145985", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1372. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145985);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2019-15030\",\n \"CVE-2019-15031\",\n \"CVE-2019-18660\",\n \"CVE-2019-19527\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1372\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2020:1372)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:1372 advisory.\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable\n exception (CVE-2019-15030)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via an interrupt\n (CVE-2019-15031)\n\n - kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver\n (CVE-2019-19527)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2019-15030', 'CVE-2019-15031', 'CVE-2019-18660', 'CVE-2019-19527');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2020:1372');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:42:36", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1372 advisory.\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via an interrupt (CVE-2019-15031)\n\n - kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:1372)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15030", "CVE-2019-15031", "CVE-2019-18660", "CVE-2019-19527"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-cross-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-perf:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1372.NASL", "href": "https://www.tenable.com/plugins/nessus/139381", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1372. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139381);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-15030\",\n \"CVE-2019-15031\",\n \"CVE-2019-18660\",\n \"CVE-2019-19527\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1372\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:1372)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1372 advisory.\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable\n exception (CVE-2019-15030)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via an interrupt\n (CVE-2019-15031)\n\n - kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver\n (CVE-2019-19527)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783498\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-15030', 'CVE-2019-15031', 'CVE-2019-18660', 'CVE-2019-19527');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1372');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.8.1.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.8.1.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.8.1.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.8.1.el8_1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.8.1.el8_1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.8.1.el8_1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.8.1.el8_1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.8.1.el8_1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.8.1.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.8.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.8.1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:32:19", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1372 advisory.\n\n - The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. (CVE-2019-18660)\n\n - In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. (CVE-2019-15030)\n\n - In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. (CVE-2019-15031)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2020-1372)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15030", "CVE-2019-15031", "CVE-2019-18660", "CVE-2019-19527"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2020-1372.NASL", "href": "https://www.tenable.com/plugins/nessus/135378", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-1372.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135378);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-15030\",\n \"CVE-2019-15031\",\n \"CVE-2019-18660\",\n \"CVE-2019-19527\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1372\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2020-1372)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-1372 advisory.\n\n - The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is\n not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to\n arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. (CVE-2019-18660)\n\n - In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of\n other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user\n starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector\n registers. At some p

RHEL 7 : kernel-alt (RHSA-2020:0740)

Description

Related