DATABASE RESOURCES PRICING ABOUT US

{"id": "SLACKWARE_SSA_2022-237-02.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2022-237-02)", "description": "The version of kernel-generic installed on the remote host is prior to 5.15.63 / 5.15.63_smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-237-02 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially (CVE-2022-1943)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.\n This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.\n (CVE-2022-1973)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled (CVE-2022-21505) (CVE-2022-21505)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-08-26T00:00:00", "modified": "2023-01-12T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/164458", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679"], "cvelist": ["CVE-2021-33655", "CVE-2022-0494", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1462", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1729", "CVE-2022-1734", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1943", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1973", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2078", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-2503", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-2873", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-34918", "CVE-2022-36123", "CVE-2022-36879", "CVE-2022-36946"], "immutableFields": [], "lastseen": "2023-07-07T12:33:12", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:5249", "ALSA-2022:5267", "ALSA-2022:5564", "ALSA-2022:5565", "ALSA-2022:5819", "ALSA-2022:5834", "ALSA-2022:6002", "ALSA-2022:6003", "ALSA-2022:6437", "ALSA-2022:6460", "ALSA-2022:6582", "ALSA-2022:6610", "ALSA-2022:7110", "ALSA-2022:7134", "ALSA-2022:7318", "ALSA-2022:7319", "ALSA-2022:7444", "ALSA-2022:7683", "ALSA-2022:7933", "ALSA-2022:8267", "ALSA-2023:0832", "ALSA-2023:0854", "ALSA-2023:0951", "ALSA-2023:0979", "ALSA-2023:2148", "ALSA-2023:2458", "ALSA-2023:2736", "ALSA-2023:2951"]}, {"type": "altlinux", "idList": ["3389D346758499949D2E8B5AA776BFA2", "69D1753D74C2782AF5C4B3E24536D125"]}, {"type": "amazon", "idList": ["ALAS-2022-1591", "ALAS-2022-1604", "ALAS-2022-1606", "ALAS-2022-1624", "ALAS-2022-1636", "ALAS-2022-1645", "ALAS-2022-1798", "ALAS-2022-1852", "ALAS-2022-1888", "ALAS-2023-1773", "ALAS2-2022-1798", "ALAS2-2022-1813", "ALAS2-2022-1825", "ALAS2-2022-1833", "ALAS2-2022-1838", "ALAS2-2022-1852", "ALAS2-2022-1888", "ALAS2-2023-2100"]}, {"type": "amd", "idList": ["AMD-SB-1037"]}, {"type": "androidsecurity", "idList": ["ANDROID:2023-03-01"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2022:5232", "CESA-2022:5937"]}, {"type": "citrix", "idList": ["CTX460064", "CTX461397"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A03F5AC2013ED260DC64C02E99816F92"]}, {"type": "cloudlinux", "idList": ["CLSA-2023:1682705952", "CLSA-2023:1682711481"]}, {"type": "cnvd", "idList": ["CNVD-2022-54887", "CNVD-2022-66584", "CNVD-2022-68510", "CNVD-2022-74091"]}, {"type": "cve", "idList": ["CVE-2021-33655", "CVE-2022-0494", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1462", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1729", "CVE-2022-1734", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1943", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1973", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2078", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-2318", "CVE-2022-2503", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-2873", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-34918", "CVE-2022-36123", "CVE-2022-36879", "CVE-2022-36946"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3065-1:C1710", "DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DLA-3173-1:82909", "DEBIAN:DLA-3245-1:5D45B", "DEBIAN:DSA-5161-1:2800F", "DEBIAN:DSA-5173-1:5A28E", "DEBIAN:DSA-5178-1:9B2D2", "DEBIAN:DSA-5184-1:CABB7", "DEBIAN:DSA-5191-1:574E3", "DEBIAN:DSA-5207-1:0D465", "DEBIAN:DSA-5257-1:DB743", "DEBIAN:DSA-5324-1:8EBE4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-33655", "DEBIANCVE:CVE-2022-0494", "DEBIANCVE:CVE-2022-1012", "DEBIANCVE:CVE-2022-1184", "DEBIANCVE:CVE-2022-1462", "DEBIANCVE:CVE-2022-1652", "DEBIANCVE:CVE-2022-1679", "DEBIANCVE:CVE-2022-1729", "DEBIANCVE:CVE-2022-1734", "DEBIANCVE:CVE-2022-1789", "DEBIANCVE:CVE-2022-1852", "DEBIANCVE:CVE-2022-1943", "DEBIANCVE:CVE-2022-1966", "DEBIANCVE:CVE-2022-1972", "DEBIANCVE:CVE-2022-1973", "DEBIANCVE:CVE-2022-1974", "DEBIANCVE:CVE-2022-1975", "DEBIANCVE:CVE-2022-2078", "DEBIANCVE:CVE-2022-21123", "DEBIANCVE:CVE-2022-21125", "DEBIANCVE:CVE-2022-21166", "DEBIANCVE:CVE-2022-21499", "DEBIANCVE:CVE-2022-21505", "DEBIANCVE:CVE-2022-2318", "DEBIANCVE:CVE-2022-2503", "DEBIANCVE:CVE-2022-2585", "DEBIANCVE:CVE-2022-2586", "DEBIANCVE:CVE-2022-2588", "DEBIANCVE:CVE-2022-26365", "DEBIANCVE:CVE-2022-26373", "DEBIANCVE:CVE-2022-2873", "DEBIANCVE:CVE-2022-28893", "DEBIANCVE:CVE-2022-29900", "DEBIANCVE:CVE-2022-29901", "DEBIANCVE:CVE-2022-32250", "DEBIANCVE:CVE-2022-32296", "DEBIANCVE:CVE-2022-32981", "DEBIANCVE:CVE-2022-33740", "DEBIANCVE:CVE-2022-33741", "DEBIANCVE:CVE-2022-33742", "DEBIANCVE:CVE-2022-33743", "DEBIANCVE:CVE-2022-33744", "DEBIANCVE:CVE-2022-34494", "DEBIANCVE:CVE-2022-34495", "DEBIANCVE:CVE-2022-34918", "DEBIANCVE:CVE-2022-36123", "DEBIANCVE:CVE-2022-36879", "DEBIANCVE:CVE-2022-36946"]}, {"type": "f5", "idList": ["F5:K04808933", "F5:K08152433", "F5:K32615023", "F5:K45164470", "F5:K52259753", "F5:K57185580", "F5:K83713003"]}, {"type": "fedora", "idList": ["FEDORA:008B830B1326", "FEDORA:02B0930C67A7", "FEDORA:07137309ACE6", "FEDORA:0724530C2F49", "FEDORA:1327A30569C4", "FEDORA:13A8C30A46D5", "FEDORA:2402C30B8B48", "FEDORA:2BF3D30C5439", "FEDORA:2CD0430B8B7F", "FEDORA:3622F307260C", "FEDORA:39E6D30C27AC", "FEDORA:3E0893021FB2", "FEDORA:4B1E230C3DF7", "FEDORA:6F44230C5613", "FEDORA:791D3304C27B", "FEDORA:79262304C76D", "FEDORA:8904F30B95E5", "FEDORA:890AC30C5439", "FEDORA:8DEF430C679D", "FEDORA:A4846305797B", "FEDORA:B930F30697B0", "FEDORA:CFF3C30B73E9", "FEDORA:D29113027CBD", "FEDORA:D2A5C30571AE", "FEDORA:D8A9730C27AC", "FEDORA:DE93930C58EA", "FEDORA:E6CE83084966"]}, {"type": "gentoo", "idList": ["GLSA-202208-23"]}, {"type": "github", "idList": ["GHSA-J4RF-7357-F4CG"]}, {"type": "githubexploit", "idList": ["027DC021-9759-5152-B253-BB124AAF3689", "194848D4-3D8D-57C9-B93F-94A7FB834CC7", "1AC912AC-B7DA-5F88-B22A-12B17E5D1D5C", "1EF67F84-0CA0-5928-AE63-14B72E0B13B0", "34927D1B-4D9F-5B44-A08D-491384ED675E", "58D56E09-E266-52D1-8E6F-749551BEC175", "78CB0CDA-F946-55E6-A153-20EC40D632CE", "8C048A68-D3B8-57D5-9F89-6F850B0895AE", "96956207-1672-592D-A630-B4AE7A844347", "9CBE87B2-5ADC-5DA9-972B-132F77839B5F", "9E1C498D-25A3-57B2-A391-764CDA0E674F", "A5C99698-1B9B-58C5-8CD0-6C2D15021C06", "AEB0F5A5-E56A-5496-A431-5B7650A28B86", "B8B06A12-C7E0-50A2-8B97-C96DEC77EEB8", "BCD1465A-0399-584D-A327-72619907EC4C", "BE6625E5-8275-5164-A251-2EF421A388EC", "D5706C20-994B-524A-8C43-838B970CD47C", "F3F45FED-B716-5B56-9880-08CA523A08B7"]}, {"type": "hp", "idList": ["HPSBHF03796"]}, {"type": "ibm", "idList": ["02CC99E090503F835786673C0D9AC57A5628D25502EC0A7153FEE8616009F203", "1841E92577ACD6AADDBB49C1995A398D151CBC9679F1BA2B9C77425F2E40A55C", "1D0C47C863486617E3DB329A62F4FFC3F23EAEA7A011A9C39ADDEBA1D66287D0", "2007FD1781CF2022D192260E43DD6A6A9D75EAE1E583F1FF51351C7A5D643FB1", "496D1442E6BA8A6137102D042D945E6932A39AD824C40F1EC57D3D14D4666E29", "579B3E4AEEBFE2F354CC5701A955BC373C28300C7CF3CEAAD268410F2BAD7847", "638BC9B9F1B860264859BBA0AE04F262C584B383B8D229DBFD85404C0046EBA0", "63C8B1DC63A3A0D366B1AA0E3DB24BD123F14B4EB29B74139B4FE1590E5E48A3", "67AFE8257A8F5CA32ADE6C83C3A2186FBD379BBBF1049A235EA4EE0C4D67742A", "7723E7232CDF38CAF6FB9BEBC720727705544B73B826D4C481C2D54FB681768E", "79D27898B8C3F1CD24E5049A5FBAD578A20FC6CDB746BF6F52F6F1A54BB54483", "7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425", "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "7F16B180A017EE946A9293B7F73BB16643FA0EDB494E3BDE4E5E8DC3D7C98EE5", "80CD718D1D142D3B40DCBA71626D910648A9F36D3E9F858F36123167200B31E5", "8252E44A34109A3FF009BBFE514754BDBBDA4A863EC3277626019A6C284A3C94", "AD6CCE2A1D5A9869BD583668A696E96D5711DC6790008CC35A1991D46E49ABE2", "B5A64C62AD14AC5F708718469CD252B6E7CC148ED6744F6CA78BE827CE0DE99F", "B5A9AF4D83BE66FFB045998A244B081C4B596FD89734452E97AF443158456899", "C8058EE2D98E4E3A2B41A83E031B9A6C3266947F454144446221EF58E526C98F", "C99B3CF5E0C30EDD67EC0E6E4726E2E6DFC139B986DAA387637216BB3413077B", "E86F95B423516140DF23D5DD16D74175F74D96C23CCC412FE50D4D07B828F8A1", "E8EFCA8810003524E6931CD5AFDC084870201D5052BAC467C09EBF324F61A84B", "EFEF2244E948829C5D18D7E375890D878EF65279FF91004B2295614B4406FAED", "F42698819438A0AFD00188966548F0688DA81186746B5D708D7F1D8C8274475E", "F8949F00CDCE086FCFA5F40AFADF9DB9E3B4DD10AB910034C41279EA96313C2A"]}, {"type": "ics", "idList": ["ICSA-23-075-01", "ICSA-23-103-09", "ICSA-23-166-10", "ICSA-23-166-11", "ICSA-23-166-12"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00615", "INTEL:INTEL-SA-00702", "INTEL:INTEL-SA-00706"]}, {"type": "kaspersky", "idList": ["KLA12568", "KLA12569", "KLA12580", "KLA12581"]}, {"type": "mageia", "idList": ["MGASA-2022-0194", "MGASA-2022-0195", "MGASA-2022-0212", "MGASA-2022-0213", "MGASA-2022-0229", "MGASA-2022-0230", "MGASA-2022-0242", "MGASA-2022-0243", "MGASA-2022-0263", "MGASA-2022-0264", "MGASA-2022-0278", "MGASA-2022-0279", "MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:5E776191FCDE450D39FF196E05A29CB7", "MALWAREBYTES:D133F234942A88D695B4882950A22971"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-NETFILTER_NFT_SET_ELEM_INIT_PRIVESC-"]}, {"type": "mscve", "idList": ["MS:ADV220002", "MS:CVE-2022-21123", "MS:CVE-2022-21125", "MS:CVE-2022-21166", "MS:CVE-2022-29900"]}, {"type": "mskb", "idList": ["KB5015827"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-042.NASL", "AL2022_ALAS2022-2022-083.NASL", "AL2022_ALAS2022-2022-114.NASL", "AL2022_ALAS2022-2022-125.NASL", "AL2022_ALAS2022-2022-127.NASL", "AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2022-1798.NASL", "AL2_ALAS-2022-1813.NASL", "AL2_ALAS-2022-1825.NASL", "AL2_ALAS-2022-1833.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALAS-2022-1852.NASL", "AL2_ALAS-2022-1888.NASL", "AL2_ALAS-2023-2100.NASL", "AL2_ALASKERNEL-5_10-2022-014.NASL", "AL2_ALASKERNEL-5_10-2022-015.NASL", "AL2_ALASKERNEL-5_10-2022-016.NASL", "AL2_ALASKERNEL-5_10-2022-017.NASL", "AL2_ALASKERNEL-5_10-2022-018.NASL", "AL2_ALASKERNEL-5_10-2022-019.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_15-2022-001.NASL", "AL2_ALASKERNEL-5_15-2022-002.NASL", "AL2_ALASKERNEL-5_15-2022-003.NASL", "AL2_ALASKERNEL-5_15-2022-004.NASL", "AL2_ALASKERNEL-5_15-2022-005.NASL", "AL2_ALASKERNEL-5_15-2022-006.NASL", "AL2_ALASKERNEL-5_15-2022-007.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-026.NASL", "AL2_ALASKERNEL-5_4-2022-028.NASL", "AL2_ALASKERNEL-5_4-2022-030.NASL", "AL2_ALASKERNEL-5_4-2022-032.NASL", "AL2_ALASKERNEL-5_4-2022-033.NASL", "AL2_ALASKERNEL-5_4-2022-034.NASL", "AL2_ALASKERNEL-5_4-2022-035.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "AL2_ALASKERNEL-5_4-2022-037.NASL", "ALA_ALAS-2022-1591.NASL", "ALA_ALAS-2022-1604.NASL", "ALA_ALAS-2022-1606.NASL", "ALA_ALAS-2022-1624.NASL", "ALA_ALAS-2022-1636.NASL", "ALA_ALAS-2022-1645.NASL", "ALA_ALAS-2023-1773.NASL", "ALMA_LINUX_ALSA-2022-5214.NASL", "ALMA_LINUX_ALSA-2022-5249.NASL", "ALMA_LINUX_ALSA-2022-5267.NASL", "ALMA_LINUX_ALSA-2022-5564.NASL", "ALMA_LINUX_ALSA-2022-5565.NASL", "ALMA_LINUX_ALSA-2022-5819.NASL", "ALMA_LINUX_ALSA-2022-5834.NASL", "ALMA_LINUX_ALSA-2022-6002.NASL", "ALMA_LINUX_ALSA-2022-6003.NASL", "ALMA_LINUX_ALSA-2022-6437.NASL", "ALMA_LINUX_ALSA-2022-6460.NASL", "ALMA_LINUX_ALSA-2022-6582.NASL", "ALMA_LINUX_ALSA-2022-6592.NASL", "ALMA_LINUX_ALSA-2022-6610.NASL", "ALMA_LINUX_ALSA-2022-7110.NASL", "ALMA_LINUX_ALSA-2022-7134.NASL", "ALMA_LINUX_ALSA-2022-7137.NASL", "ALMA_LINUX_ALSA-2022-7318.NASL", "ALMA_LINUX_ALSA-2022-7319.NASL", "ALMA_LINUX_ALSA-2022-7330.NASL", "ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "ALMA_LINUX_ALSA-2023-0832.NASL", "ALMA_LINUX_ALSA-2023-0854.NASL", "ALMA_LINUX_ALSA-2023-0951.NASL", "ALMA_LINUX_ALSA-2023-0979.NASL", "ALMA_LINUX_ALSA-2023-2148.NASL", "ALMA_LINUX_ALSA-2023-2458.NASL", "ALMA_LINUX_ALSA-2023-2736.NASL", "ALMA_LINUX_ALSA-2023-2951.NASL", "CENTOS_RHSA-2022-5232.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DLA-3173.NASL", "DEBIAN_DLA-3245.NASL", "DEBIAN_DLA-3349.NASL", "DEBIAN_DLA-3403.NASL", "DEBIAN_DSA-5161.NASL", "DEBIAN_DSA-5173.NASL", "DEBIAN_DSA-5178.NASL", "DEBIAN_DSA-5184.NASL", "DEBIAN_DSA-5191.NASL", "DEBIAN_DSA-5207.NASL", "DEBIAN_DSA-5257.NASL", "DEBIAN_DSA-5324.NASL", "EULEROS_SA-2022-1844.NASL", "EULEROS_SA-2022-1896.NASL", "EULEROS_SA-2022-1934.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-1999.NASL", "EULEROS_SA-2022-2090.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2134.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2181.NASL", "EULEROS_SA-2022-2225.NASL", "EULEROS_SA-2022-2244.NASL", "EULEROS_SA-2022-2257.NASL", "EULEROS_SA-2022-2273.NASL", "EULEROS_SA-2022-2292.NASL", "EULEROS_SA-2022-2321.NASL", "EULEROS_SA-2022-2348.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2415.NASL", "EULEROS_SA-2022-2428.NASL", "EULEROS_SA-2022-2441.NASL", "EULEROS_SA-2022-2466.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2619.NASL", "EULEROS_SA-2022-2654.NASL", "EULEROS_SA-2022-2686.NASL", "EULEROS_SA-2022-2732.NASL", "EULEROS_SA-2022-2767.NASL", "EULEROS_SA-2022-2796.NASL", "EULEROS_SA-2022-2823.NASL", "EULEROS_SA-2022-2848.NASL", "EULEROS_SA-2022-2873.NASL", "EULEROS_SA-2022-2891.NASL", "EULEROS_SA-2022-2906.NASL", "EULEROS_SA-2022-2932.NASL", "EULEROS_SA-2023-1147.NASL", "EULEROS_SA-2023-1168.NASL", "EULEROS_SA-2023-1193.NASL", "EULEROS_SA-2023-1223.NASL", "EULEROS_SA-2023-1320.NASL", "EULEROS_SA-2023-1444.NASL", "EULEROS_SA-2023-1469.NASL", "EULEROS_SA-2023-1507.NASL", "EULEROS_SA-2023-1526.NASL", "EULEROS_SA-2023-1551.NASL", "EULEROS_SA-2023-1637.NASL", "EULEROS_SA-2023-1671.NASL", "EULEROS_SA-2023-1695.NASL", "EULEROS_SA-2023-1902.NASL", "EULEROS_SA-2023-1933.NASL", "EULEROS_SA-2023-2152.NASL", "EULEROS_SA-2023-2252.NASL", "F5_BIGIP_SOL08152433.NASL", "F5_BIGIP_SOL83713003.NASL", "FEDORA_2022-391E24517D.NASL", "FEDORA_2022-C69EF9C1DD.NASL", "GENTOO_GLSA-202208-23.NASL", "MARINER_KERNEL_CVE-2022-0494.NASL", "MARINER_KERNEL_CVE-2022-1852.NASL", "MARINER_KERNEL_CVE-2022-1943.NASL", "MARINER_KERNEL_CVE-2022-2078.NASL", "MARINER_KERNEL_CVE-2022-2318.NASL", "MARINER_KERNEL_CVE-2022-28893.NASL", "MARINER_KERNEL_CVE-2022-33743.NASL", "MARINER_KERNEL_CVE-2022-33744.NASL", "MARINER_KERNEL_CVE-2022-34494.NASL", "MARINER_KERNEL_CVE-2022-34495.NASL", "MARINER_KERNEL_CVE-2022-34918.NASL", "NEWSTART_CGSL_NS-SA-2022-0076_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2023-0001_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0005_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0017_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0025_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2023-0030_KERNEL.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_5_1_5.NASL", "NUTANIX_NXSA-AOS-6_5_2.NASL", "NUTANIX_NXSA-AOS-6_5_3.NASL", "NUTANIX_NXSA-AOS-6_6_2.NASL", "ORACLELINUX_ELSA-2022-10022.NASL", "ORACLELINUX_ELSA-2022-10023.NASL", "ORACLELINUX_ELSA-2022-10078.NASL", "ORACLELINUX_ELSA-2022-10080.NASL", "ORACLELINUX_ELSA-2022-5232.NASL", "ORACLELINUX_ELSA-2022-5249.NASL", "ORACLELINUX_ELSA-2022-5564.NASL", "ORACLELINUX_ELSA-2022-5819.NASL", "ORACLELINUX_ELSA-2022-5937.NASL", "ORACLELINUX_ELSA-2022-6003.NASL", "ORACLELINUX_ELSA-2022-6460.NASL", "ORACLELINUX_ELSA-2022-6610.NASL", "ORACLELINUX_ELSA-2022-7110.NASL", "ORACLELINUX_ELSA-2022-7318.NASL", "ORACLELINUX_ELSA-2022-7337.NASL", "ORACLELINUX_ELSA-2022-7683.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9409.NASL", "ORACLELINUX_ELSA-2022-9410.NASL", "ORACLELINUX_ELSA-2022-9412.NASL", "ORACLELINUX_ELSA-2022-9413.NASL", "ORACLELINUX_ELSA-2022-9422.NASL", "ORACLELINUX_ELSA-2022-9423.NASL", "ORACLELINUX_ELSA-2022-9425.NASL", "ORACLELINUX_ELSA-2022-9426.NASL", "ORACLELINUX_ELSA-2022-9427.NASL", "ORACLELINUX_ELSA-2022-9442.NASL", "ORACLELINUX_ELSA-2022-9443.NASL", "ORACLELINUX_ELSA-2022-9481.NASL", "ORACLELINUX_ELSA-2022-9482.NASL", "ORACLELINUX_ELSA-2022-9483.NASL", "ORACLELINUX_ELSA-2022-9484.NASL", "ORACLELINUX_ELSA-2022-9485.NASL", "ORACLELINUX_ELSA-2022-9486.NASL", "ORACLELINUX_ELSA-2022-9495.NASL", "ORACLELINUX_ELSA-2022-9496.NASL", "ORACLELINUX_ELSA-2022-9507.NASL", "ORACLELINUX_ELSA-2022-9508.NASL", "ORACLELINUX_ELSA-2022-9557.NASL", "ORACLELINUX_ELSA-2022-9582.NASL", "ORACLELINUX_ELSA-2022-9583.NASL", "ORACLELINUX_ELSA-2022-9590.NASL", "ORACLELINUX_ELSA-2022-9591.NASL", "ORACLELINUX_ELSA-2022-9601.NASL", "ORACLELINUX_ELSA-2022-9602.NASL", "ORACLELINUX_ELSA-2022-9609.NASL", "ORACLELINUX_ELSA-2022-9612.NASL", "ORACLELINUX_ELSA-2022-9667.NASL", "ORACLELINUX_ELSA-2022-9670.NASL", "ORACLELINUX_ELSA-2022-9689.NASL", "ORACLELINUX_ELSA-2022-9690.NASL", "ORACLELINUX_ELSA-2022-9691.NASL", "ORACLELINUX_ELSA-2022-9692.NASL", "ORACLELINUX_ELSA-2022-9693.NASL", "ORACLELINUX_ELSA-2022-9694.NASL", "ORACLELINUX_ELSA-2022-9699.NASL", "ORACLELINUX_ELSA-2022-9709.NASL", "ORACLELINUX_ELSA-2022-9710.NASL", "ORACLELINUX_ELSA-2022-9761.NASL", "ORACLELINUX_ELSA-2022-9787.NASL", "ORACLELINUX_ELSA-2022-9788.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9828.NASL", "ORACLELINUX_ELSA-2022-9829.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLELINUX_ELSA-2022-9870.NASL", "ORACLELINUX_ELSA-2022-9871.NASL", "ORACLELINUX_ELSA-2022-9926.NASL", "ORACLELINUX_ELSA-2022-9927.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLELINUX_ELSA-2023-0832.NASL", "ORACLELINUX_ELSA-2023-0951.NASL", "ORACLELINUX_ELSA-2023-12160.NASL", "ORACLELINUX_ELSA-2023-12199.NASL", "ORACLELINUX_ELSA-2023-12200.NASL", "ORACLELINUX_ELSA-2023-12206.NASL", "ORACLELINUX_ELSA-2023-12207.NASL", "ORACLELINUX_ELSA-2023-12565.NASL", "ORACLELINUX_ELSA-2023-12566.NASL", "ORACLELINUX_ELSA-2023-2458.NASL", "ORACLELINUX_ELSA-2023-2951.NASL", "ORACLEVM_OVMSA-2022-0019.NASL", "ORACLEVM_OVMSA-2022-0020.NASL", "ORACLEVM_OVMSA-2022-0021.NASL", "ORACLEVM_OVMSA-2022-0022.NASL", "ORACLEVM_OVMSA-2022-0023.NASL", "ORACLEVM_OVMSA-2022-0024.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "ORACLEVM_OVMSA-2023-0004.NASL", "REDHAT-RHSA-2022-5157.NASL", "REDHAT-RHSA-2022-5214.NASL", "REDHAT-RHSA-2022-5216.NASL", "REDHAT-RHSA-2022-5220.NASL", "REDHAT-RHSA-2022-5224.NASL", "REDHAT-RHSA-2022-5232.NASL", "REDHAT-RHSA-2022-5236.NASL", "REDHAT-RHSA-2022-5249.NASL", "REDHAT-RHSA-2022-5267.NASL", "REDHAT-RHSA-2022-5439.NASL", "REDHAT-RHSA-2022-5476.NASL", "REDHAT-RHSA-2022-5564.NASL", "REDHAT-RHSA-2022-5565.NASL", "REDHAT-RHSA-2022-5626.NASL", "REDHAT-RHSA-2022-5633.NASL", "REDHAT-RHSA-2022-5636.NASL", "REDHAT-RHSA-2022-5641.NASL", "REDHAT-RHSA-2022-5648.NASL", "REDHAT-RHSA-2022-5802.NASL", "REDHAT-RHSA-2022-5804.NASL", "REDHAT-RHSA-2022-5805.NASL", "REDHAT-RHSA-2022-5806.NASL", "REDHAT-RHSA-2022-5819.NASL", "REDHAT-RHSA-2022-5834.NASL", "REDHAT-RHSA-2022-5839.NASL", "REDHAT-RHSA-2022-5937.NASL", "REDHAT-RHSA-2022-5939.NASL", "REDHAT-RHSA-2022-6002.NASL", "REDHAT-RHSA-2022-6003.NASL", "REDHAT-RHSA-2022-6073.NASL", "REDHAT-RHSA-2022-6075.NASL", "REDHAT-RHSA-2022-6243.NASL", "REDHAT-RHSA-2022-6248.NASL", "REDHAT-RHSA-2022-6432.NASL", "REDHAT-RHSA-2022-6437.NASL", "REDHAT-RHSA-2022-6460.NASL", "REDHAT-RHSA-2022-6551.NASL", "REDHAT-RHSA-2022-6582.NASL", "REDHAT-RHSA-2022-6592.NASL", "REDHAT-RHSA-2022-6610.NASL", "REDHAT-RHSA-2022-6741.NASL", "REDHAT-RHSA-2022-6872.NASL", "REDHAT-RHSA-2022-6875.NASL", "REDHAT-RHSA-2022-6978.NASL", "REDHAT-RHSA-2022-6983.NASL", "REDHAT-RHSA-2022-6991.NASL", "REDHAT-RHSA-2022-7110.NASL", "REDHAT-RHSA-2022-7134.NASL", "REDHAT-RHSA-2022-7137.NASL", "REDHAT-RHSA-2022-7146.NASL", "REDHAT-RHSA-2022-7171.NASL", "REDHAT-RHSA-2022-7173.NASL", "REDHAT-RHSA-2022-7279.NASL", "REDHAT-RHSA-2022-7280.NASL", "REDHAT-RHSA-2022-7318.NASL", "REDHAT-RHSA-2022-7319.NASL", "REDHAT-RHSA-2022-7330.NASL", "REDHAT-RHSA-2022-7337.NASL", "REDHAT-RHSA-2022-7338.NASL", "REDHAT-RHSA-2022-7344.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "REDHAT-RHSA-2022-7885.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "REDHAT-RHSA-2022-8973.NASL", "REDHAT-RHSA-2022-8974.NASL", "REDHAT-RHSA-2023-0440.NASL", "REDHAT-RHSA-2023-0832.NASL", "REDHAT-RHSA-2023-0854.NASL", "REDHAT-RHSA-2023-0951.NASL", "REDHAT-RHSA-2023-0979.NASL", "REDHAT-RHSA-2023-2148.NASL", "REDHAT-RHSA-2023-2458.NASL", "REDHAT-RHSA-2023-2736.NASL", "REDHAT-RHSA-2023-2951.NASL", "ROCKY_LINUX_RLSA-2022-5564.NASL", "ROCKY_LINUX_RLSA-2022-5565.NASL", "ROCKY_LINUX_RLSA-2022-5819.NASL", "ROCKY_LINUX_RLSA-2022-5834.NASL", "ROCKY_LINUX_RLSA-2022-6437.NASL", "ROCKY_LINUX_RLSA-2022-7110.NASL", "ROCKY_LINUX_RLSA-2022-7134.NASL", "ROCKY_LINUX_RLSA-2023-0832.NASL", "ROCKY_LINUX_RLSA-2023-0854.NASL", "ROCKY_LINUX_RLSA-2023-0979.NASL", "SLACKWARE_SSA_2022-129-01.NASL", "SL_20220628_KERNEL_ON_SL7_X.NASL", "SL_20220809_KERNEL_ON_SL7_X.NASL", "SL_20221103_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS22_JUN_5014692.NASL", "SMB_NT_MS22_JUN_5014697.NASL", "SMB_NT_MS22_JUN_5014699.NASL", "SMB_NT_MS22_JUN_5014702.NASL", "SMB_NT_MS22_JUN_5014710.NASL", "SMB_NT_MS22_JUN_5014741.NASL", "SMB_NT_MS22_JUN_5014742.NASL", "SMB_NT_MS22_JUN_5014743.NASL", "SMB_NT_MS22_JUN_5014746.NASL", "SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1687-1.NASL", "SUSE_SU-2022-2077-1.NASL", "SUSE_SU-2022-2078-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2080-1.NASL", "SUSE_SU-2022-2082-1.NASL", "SUSE_SU-2022-2083-1.NASL", "SUSE_SU-2022-2103-1.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2116-1.NASL", "SUSE_SU-2022-2172-1.NASL", "SUSE_SU-2022-2173-1.NASL", "SUSE_SU-2022-2177-1.NASL", "SUSE_SU-2022-2194-1.NASL", "SUSE_SU-2022-2195-1.NASL", "SUSE_SU-2022-2206-1.NASL", "SUSE_SU-2022-2214-1.NASL", "SUSE_SU-2022-2216-1.NASL", "SUSE_SU-2022-2217-1.NASL", "SUSE_SU-2022-2220-1.NASL", "SUSE_SU-2022-2230-1.NASL", "SUSE_SU-2022-2239-1.NASL", "SUSE_SU-2022-2245-1.NASL", "SUSE_SU-2022-2262-1.NASL", "SUSE_SU-2022-2268-1.NASL", "SUSE_SU-2022-2276-1.NASL", "SUSE_SU-2022-2281-1.NASL", "SUSE_SU-2022-2376-1.NASL", "SUSE_SU-2022-2377-1.NASL", "SUSE_SU-2022-2379-1.NASL", "SUSE_SU-2022-2382-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2411-1.NASL", "SUSE_SU-2022-2422-1.NASL", "SUSE_SU-2022-2423-1.NASL", "SUSE_SU-2022-2424-1.NASL", "SUSE_SU-2022-2438-1.NASL", "SUSE_SU-2022-2444-1.NASL", "SUSE_SU-2022-2445-1.NASL", "SUSE_SU-2022-2446-1.NASL", "SUSE_SU-2022-2461-1.NASL", "SUSE_SU-2022-2478-1.NASL", "SUSE_SU-2022-2482-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2549-1.NASL", "SUSE_SU-2022-2557-1.NASL", "SUSE_SU-2022-2560-1.NASL", "SUSE_SU-2022-2569-1.NASL", "SUSE_SU-2022-2574-1.NASL", "SUSE_SU-2022-2591-1.NASL", "SUSE_SU-2022-2597-1.NASL", "SUSE_SU-2022-2599-1.NASL", "SUSE_SU-2022-2600-1.NASL", "SUSE_SU-2022-2601-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-2696-1.NASL", "SUSE_SU-2022-2697-1.NASL", "SUSE_SU-2022-2699-1.NASL", "SUSE_SU-2022-2700-1.NASL", "SUSE_SU-2022-2709-1.NASL", "SUSE_SU-2022-2710-1.NASL", "SUSE_SU-2022-2719-1.NASL", "SUSE_SU-2022-2720-1.NASL", "SUSE_SU-2022-2721-1.NASL", "SUSE_SU-2022-2722-1.NASL", "SUSE_SU-2022-2723-1.NASL", "SUSE_SU-2022-2726-1.NASL", "SUSE_SU-2022-2727-1.NASL", "SUSE_SU-2022-2728-1.NASL", "SUSE_SU-2022-2732-1.NASL", "SUSE_SU-2022-2738-1.NASL", "SUSE_SU-2022-2741-1.NASL", "SUSE_SU-2022-2745-1.NASL", "SUSE_SU-2022-2750-1.NASL", "SUSE_SU-2022-2759-1.NASL", "SUSE_SU-2022-2762-1.NASL", "SUSE_SU-2022-2766-1.NASL", "SUSE_SU-2022-2770-1.NASL", "SUSE_SU-2022-2776-1.NASL", "SUSE_SU-2022-2779-1.NASL", "SUSE_SU-2022-2780-1.NASL", "SUSE_SU-2022-2781-1.NASL", "SUSE_SU-2022-2783-1.NASL", "SUSE_SU-2022-2789-1.NASL", "SUSE_SU-2022-2803-1.NASL", "SUSE_SU-2022-2808-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-2827-1.NASL", "SUSE_SU-2022-2840-1.NASL", "SUSE_SU-2022-2854-1.NASL", "SUSE_SU-2022-2875-1.NASL", "SUSE_SU-2022-2892-1.NASL", "SUSE_SU-2022-2910-1.NASL", "SUSE_SU-2022-3061-1.NASL", "SUSE_SU-2022-3072-1.NASL", "SUSE_SU-2022-3108-1.NASL", "SUSE_SU-2022-3123-1.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3264-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3288-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3293-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2022-3342-1.NASL", "SUSE_SU-2022-3350-1.NASL", "SUSE_SU-2022-3359-1.NASL", "SUSE_SU-2022-3360-1.NASL", "SUSE_SU-2022-3368-1.NASL", "SUSE_SU-2022-3370-1.NASL", "SUSE_SU-2022-3373-1.NASL", "SUSE_SU-2022-3407-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3409-1.NASL", "SUSE_SU-2022-3422-1.NASL", "SUSE_SU-2022-3424-1.NASL", "SUSE_SU-2022-3433-1.NASL", "SUSE_SU-2022-3445-1.NASL", "SUSE_SU-2022-3450-1.NASL", "SUSE_SU-2022-3464-1.NASL", "SUSE_SU-2022-3476-1.NASL", "SUSE_SU-2022-3584-1.NASL", "SUSE_SU-2022-3585-1.NASL", "SUSE_SU-2022-3586-1.NASL", "SUSE_SU-2022-3587-1.NASL", "SUSE_SU-2022-3599-1.NASL", "SUSE_SU-2022-3609-1.NASL", "SUSE_SU-2022-3665-1.NASL", "SUSE_SU-2022-3688-1.NASL", "SUSE_SU-2022-3693-1.NASL", "SUSE_SU-2022-3704-1.NASL", "SUSE_SU-2022-3728-1.NASL", "SUSE_SU-2022-3775-1.NASL", "SUSE_SU-2022-3779-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-3810-1.NASL", "SUSE_SU-2022-3844-1.NASL", "SUSE_SU-2022-3928-1.NASL", "SUSE_SU-2022-4024-1.NASL", "SUSE_SU-2022-4027-1.NASL", "SUSE_SU-2022-4030-1.NASL", "SUSE_SU-2022-4033-1.NASL", "SUSE_SU-2022-4034-1.NASL", "SUSE_SU-2022-4035-1.NASL", "SUSE_SU-2022-4039-1.NASL", "SUSE_SU-2022-4100-1.NASL", "SUSE_SU-2022-4112-1.NASL", "SUSE_SU-2022-4113-1.NASL", "SUSE_SU-2022-4129-1.NASL", "SUSE_SU-2022-4616-1.NASL", "SUSE_SU-2022-4617-1.NASL", "TENABLE_OT_SIEMENS_CVE-2022-1652.NASL", "TENABLE_OT_SIEMENS_CVE-2022-1729.NASL", "UBUNTU_USN-5381-1.NASL", "UBUNTU_USN-5465-1.NASL", "UBUNTU_USN-5466-1.NASL", "UBUNTU_USN-5467-1.NASL", "UBUNTU_USN-5468-1.NASL", "UBUNTU_USN-5469-1.NASL", "UBUNTU_USN-5470-1.NASL", "UBUNTU_USN-5471-1.NASL", "UBUNTU_USN-5485-1.NASL", "UBUNTU_USN-5485-2.NASL", "UBUNTU_USN-5486-1.NASL", "UBUNTU_USN-5500-1.NASL", "UBUNTU_USN-5505-1.NASL", "UBUNTU_USN-5514-1.NASL", "UBUNTU_USN-5517-1.NASL", "UBUNTU_USN-5518-1.NASL", "UBUNTU_USN-5529-1.NASL", "UBUNTU_USN-5535-1.NASL", "UBUNTU_USN-5539-1.NASL", "UBUNTU_USN-5540-1.NASL", "UBUNTU_USN-5544-1.NASL", "UBUNTU_USN-5545-1.NASL", "UBUNTU_USN-5557-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5567-1.NASL", "UBUNTU_USN-5572-1.NASL", "UBUNTU_USN-5577-1.NASL", "UBUNTU_USN-5579-1.NASL", "UBUNTU_USN-5580-1.NASL", "UBUNTU_USN-5582-1.NASL", "UBUNTU_USN-5590-1.NASL", "UBUNTU_USN-5594-1.NASL", "UBUNTU_USN-5596-1.NASL", "UBUNTU_USN-5599-1.NASL", "UBUNTU_USN-5602-1.NASL", "UBUNTU_USN-5616-1.NASL", "UBUNTU_USN-5621-1.NASL", "UBUNTU_USN-5622-1.NASL", "UBUNTU_USN-5623-1.NASL", "UBUNTU_USN-5624-1.NASL", "UBUNTU_USN-5630-1.NASL", "UBUNTU_USN-5633-1.NASL", "UBUNTU_USN-5634-1.NASL", "UBUNTU_USN-5635-1.NASL", "UBUNTU_USN-5639-1.NASL", "UBUNTU_USN-5640-1.NASL", "UBUNTU_USN-5644-1.NASL", "UBUNTU_USN-5647-1.NASL", "UBUNTU_USN-5648-1.NASL", "UBUNTU_USN-5650-1.NASL", "UBUNTU_USN-5652-1.NASL", "UBUNTU_USN-5654-1.NASL", "UBUNTU_USN-5655-1.NASL", "UBUNTU_USN-5660-1.NASL", "UBUNTU_USN-5667-1.NASL", "UBUNTU_USN-5668-1.NASL", "UBUNTU_USN-5669-1.NASL", "UBUNTU_USN-5669-2.NASL", "UBUNTU_USN-5677-1.NASL", "UBUNTU_USN-5678-1.NASL", "UBUNTU_USN-5679-1.NASL", "UBUNTU_USN-5682-1.NASL", "UBUNTU_USN-5683-1.NASL", "UBUNTU_USN-5684-1.NASL", "UBUNTU_USN-5687-1.NASL", "UBUNTU_USN-5693-1.NASL", "UBUNTU_USN-5695-1.NASL", "UBUNTU_USN-5703-1.NASL", "UBUNTU_USN-5706-1.NASL", "UBUNTU_USN-5727-1.NASL", "UBUNTU_USN-5727-2.NASL", "UBUNTU_USN-5728-1.NASL", "UBUNTU_USN-5728-2.NASL", "UBUNTU_USN-5728-3.NASL", "UBUNTU_USN-5773-1.NASL", "UBUNTU_USN-5774-1.NASL", "UBUNTU_USN-5789-1.NASL", "UBUNTU_USN-5854-1.NASL", "UBUNTU_USN-5861-1.NASL", "UBUNTU_USN-5862-1.NASL", "UBUNTU_USN-5865-1.NASL", "UBUNTU_USN-5883-1.NASL", "UBUNTU_USN-5913-1.NASL", "UBUNTU_USN-5975-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6007-1.NASL", "UBUNTU_USN-6014-1.NASL", "UBUNTU_USN-6031-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2023", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-10022", "ELSA-2022-10023", "ELSA-2022-10078", "ELSA-2022-10080", "ELSA-2022-5232", "ELSA-2022-5249", "ELSA-2022-5564", "ELSA-2022-5819", "ELSA-2022-5937", "ELSA-2022-6003", "ELSA-2022-6460", "ELSA-2022-6610", "ELSA-2022-7110", "ELSA-2022-7318", "ELSA-2022-7337", "ELSA-2022-7683", "ELSA-2022-8267", "ELSA-2022-9409", "ELSA-2022-9410", "ELSA-2022-9412", "ELSA-2022-9413", "ELSA-2022-9422", "ELSA-2022-9423", "ELSA-2022-9425", "ELSA-2022-9426", "ELSA-2022-9427", "ELSA-2022-9442", "ELSA-2022-9443", "ELSA-2022-9481", "ELSA-2022-9482", "ELSA-2022-9483", "ELSA-2022-9484", "ELSA-2022-9485", "ELSA-2022-9486", "ELSA-2022-9495", "ELSA-2022-9496", "ELSA-2022-9507", "ELSA-2022-9508", "ELSA-2022-9557", "ELSA-2022-9582", "ELSA-2022-9583", "ELSA-2022-9590", "ELSA-2022-9591", "ELSA-2022-9601", "ELSA-2022-9602", "ELSA-2022-9609", "ELSA-2022-9612", "ELSA-2022-9667", "ELSA-2022-9670", "ELSA-2022-9689", "ELSA-2022-9690", "ELSA-2022-9691", "ELSA-2022-9692", "ELSA-2022-9693", "ELSA-2022-9694", "ELSA-2022-9699", "ELSA-2022-9709", "ELSA-2022-9710", "ELSA-2022-9761", "ELSA-2022-9787", "ELSA-2022-9788", "ELSA-2022-9827", "ELSA-2022-9828", "ELSA-2022-9829", "ELSA-2022-9830", "ELSA-2022-9852", "ELSA-2022-9870", "ELSA-2022-9871", "ELSA-2022-9926", "ELSA-2022-9927", "ELSA-2022-9969", "ELSA-2023-0832", "ELSA-2023-0951", "ELSA-2023-12160", "ELSA-2023-12199", "ELSA-2023-12200", "ELSA-2023-12206", "ELSA-2023-12207", "ELSA-2023-12565", "ELSA-2023-12566", "ELSA-2023-2458", "ELSA-2023-2951"]}, {"type": "osv", "idList": ["OSV:CVE-2022-26365", "OSV:CVE-2022-29900", "OSV:CVE-2022-33740", "OSV:CVE-2022-33741", "OSV:CVE-2022-33742", "OSV:CVE-2022-33743", "OSV:CVE-2022-33744", "OSV:DLA-3065-1", "OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DLA-3173-1", "OSV:DLA-3245-1", "OSV:DLA-3349-1", "OSV:DLA-3403-1", "OSV:DSA-5161-1", "OSV:DSA-5173-1", "OSV:DSA-5178-1", "OSV:DSA-5191-1", "OSV:DSA-5207-1", "OSV:DSA-5257-1", "OSV:DSA-5257-2", "OSV:DSA-5324-1", "OSV:GHSA-J4RF-7357-F4CG"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:168543"]}, {"type": "photon", "idList": ["PHSA-2022-0189", "PHSA-2022-0195", "PHSA-2022-0201", "PHSA-2022-0214", "PHSA-2022-0226", "PHSA-2022-0238", "PHSA-2022-0248", "PHSA-2022-0399", "PHSA-2022-0409", "PHSA-2022-0425", "PHSA-2022-0482", "PHSA-2022-0488", "PHSA-2022-0506", "PHSA-2022-0517", "PHSA-2022-0522", "PHSA-2022-0527", "PHSA-2022-3.0-0399", "PHSA-2022-3.0-0409", "PHSA-2022-3.0-0425", "PHSA-2022-3.0-0433", "PHSA-2022-3.0-0446", "PHSA-2022-3.0-0459", "PHSA-2022-3.0-0464", "PHSA-2022-4.0-0189", "PHSA-2022-4.0-0195", "PHSA-2022-4.0-0201", "PHSA-2022-4.0-0214", "PHSA-2022-4.0-0226", "PHSA-2022-4.0-0238", "PHSA-2022-4.0-0248", "PHSA-2023-3.0-0528", "PHSA-2023-3.0-0559"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "RAPID7BLOG:5BB5A527EBC10639A3F1F7010D15B8F1"]}, {"type": "redhat", "idList": ["RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5157", "RHSA-2022:5214", "RHSA-2022:5216", "RHSA-2022:5220", "RHSA-2022:5224", "RHSA-2022:5232", "RHSA-2022:5236", "RHSA-2022:5249", "RHSA-2022:5267", "RHSA-2022:5439", "RHSA-2022:5476", "RHSA-2022:5564", "RHSA-2022:5565", "RHSA-2022:5626", "RHSA-2022:5633", "RHSA-2022:5636", "RHSA-2022:5641", "RHSA-2022:5648", "RHSA-2022:5730", "RHSA-2022:5802", "RHSA-2022:5804", "RHSA-2022:5805", "RHSA-2022:5806", "RHSA-2022:5819", "RHSA-2022:5834", "RHSA-2022:5839", "RHSA-2022:5879", "RHSA-2022:5937", "RHSA-2022:5939", "RHSA-2022:6002", "RHSA-2022:6003", "RHSA-2022:6051", "RHSA-2022:6053", "RHSA-2022:6073", "RHSA-2022:6075", "RHSA-2022:6103", "RHSA-2022:6243", "RHSA-2022:6248", "RHSA-2022:6252", "RHSA-2022:6258", "RHSA-2022:6271", "RHSA-2022:6308", "RHSA-2022:6317", "RHSA-2022:6318", "RHSA-2022:6322", "RHSA-2022:6370", "RHSA-2022:6432", "RHSA-2022:6437", "RHSA-2022:6460", "RHSA-2022:6507", "RHSA-2022:6536", "RHSA-2022:6537", "RHSA-2022:6551", "RHSA-2022:6560", "RHSA-2022:6582", "RHSA-2022:6592", "RHSA-2022:6610", "RHSA-2022:6681", "RHSA-2022:6696", "RHSA-2022:6741", "RHSA-2022:6872", "RHSA-2022:6875", "RHSA-2022:6882", "RHSA-2022:6890", "RHSA-2022:6954", "RHSA-2022:6978", "RHSA-2022:6983", "RHSA-2022:6991", "RHSA-2022:7110", "RHSA-2022:7134", "RHSA-2022:7137", "RHSA-2022:7146", "RHSA-2022:7171", "RHSA-2022:7173", "RHSA-2022:7201", "RHSA-2022:7211", "RHSA-2022:7216", "RHSA-2022:7276", "RHSA-2022:7279", "RHSA-2022:7280", "RHSA-2022:7313", "RHSA-2022:7318", "RHSA-2022:7319", "RHSA-2022:7330", "RHSA-2022:7337", "RHSA-2022:7338", "RHSA-2022:7344", "RHSA-2022:7434", "RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:7874", "RHSA-2022:7885", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8609", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:8973", "RHSA-2022:8974", "RHSA-2022:9040", "RHSA-2023:0440", "RHSA-2023:0832", "RHSA-2023:0854", "RHSA-2023:0930", "RHSA-2023:0931", "RHSA-2023:0932", "RHSA-2023:0951", "RHSA-2023:0979", "RHSA-2023:2148", "RHSA-2023:2458", "RHSA-2023:2951", "RHSA-2023:3326", "RHSA-2023:3356", "RHSA-2023:3495"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-33655", "RH:CVE-2022-0494", "RH:CVE-2022-1012", "RH:CVE-2022-1184", "RH:CVE-2022-1462", "RH:CVE-2022-1652", "RH:CVE-2022-1679", "RH:CVE-2022-1729", "RH:CVE-2022-1734", "RH:CVE-2022-1789", "RH:CVE-2022-1852", "RH:CVE-2022-1943", "RH:CVE-2022-1966", "RH:CVE-2022-1972", "RH:CVE-2022-1973", "RH:CVE-2022-1974", "RH:CVE-2022-1975", "RH:CVE-2022-2078", "RH:CVE-2022-21123", "RH:CVE-2022-21125", "RH:CVE-2022-21166", "RH:CVE-2022-21499", "RH:CVE-2022-21505", "RH:CVE-2022-2318", "RH:CVE-2022-23824", "RH:CVE-2022-2503", "RH:CVE-2022-2585", "RH:CVE-2022-2586", "RH:CVE-2022-2588", "RH:CVE-2022-26373", "RH:CVE-2022-2873", "RH:CVE-2022-28893", "RH:CVE-2022-29900", "RH:CVE-2022-29901", "RH:CVE-2022-32250", "RH:CVE-2022-32296", "RH:CVE-2022-32981", "RH:CVE-2022-33743", "RH:CVE-2022-34494", "RH:CVE-2022-34495", "RH:CVE-2022-34918", "RH:CVE-2022-36123", "RH:CVE-2022-36879", "RH:CVE-2022-36946"]}, {"type": "redos", "idList": ["ROS-20220516-07", "ROS-20220619-01", "ROS-20220908-01", "ROS-20220919-01", "ROS-20221220-01"]}, {"type": "rocky", "idList": ["RLBA-2022:7317", "RLSA-2022:5564", "RLSA-2022:5565", "RLSA-2022:5819", "RLSA-2022:5834", "RLSA-2022:6437", "RLSA-2022:6460", "RLSA-2022:7110", "RLSA-2022:7134", "RLSA-2022:7318", "RLSA-2022:7319", "RLSA-2022:7444", "RLSA-2022:7683", "RLSA-2023:0832", "RLSA-2023:0854", "RLSA-2023:0979", "RXSA-2023:0832", "RXSA-2023:0951"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2022-2056"]}, {"type": "slackware", "idList": ["SSA-2022-129-01", "SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2173-1", "OPENSUSE-SU-2022:2177-1", "OPENSUSE-SU-2022:2422-1", "OPENSUSE-SU-2022:2549-1", "SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1", "SUSE-SU-2022:2078-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2172-1", "SUSE-SU-2022:2173-1", "SUSE-SU-2022:2376-1", "SUSE-SU-2022:2411-1", "SUSE-SU-2022:2422-1", "SUSE-SU-2022:2424-2", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2549-1", "SUSE-SU-2022:2597-1", "SUSE-SU-2022:2599-1", "SUSE-SU-2022:2599-2", "SUSE-SU-2022:2615-1", "SUSE-SU-2022:2722-1", "SUSE-SU-2022:2741-1", "SUSE-SU-2022:2803-1", "SUSE-SU-2022:2827-1", "SUSE-SU-2022:2875-1", "SUSE-SU-2022:2875-2", "SUSE-SU-2022:2892-2", "SUSE-SU-2022:3264-1", "SUSE-SU-2022:3288-1", "SUSE-SU-2022:3293-1", "SUSE-SU-2022:3408-1", "SUSE-SU-2022:3585-1", "SUSE-SU-2022:3609-1", "SUSE-SU-2022:3665-1", "SUSE-SU-2022:3693-1", "SUSE-SU-2022:3775-1", "SUSE-SU-2022:3809-1", "SUSE-SU-2022:3844-1"]}, {"type": "thn", "idList": ["THN:7653AAD966BDC7D71A9D1981CA662AC3", "THN:83DDF7EA5627F196DA7F3A5DB2F32A06"]}, {"type": "ubuntu", "idList": ["LSN-0086-1", "LSN-0087-1", "LSN-0089-1", "USN-5381-1", "USN-5465-1", "USN-5466-1", "USN-5467-1", "USN-5468-1", "USN-5469-1", "USN-5470-1", "USN-5471-1", "USN-5484-1", "USN-5485-1", "USN-5485-2", "USN-5486-1", "USN-5500-1", "USN-5505-1", "USN-5513-1", "USN-5514-1", "USN-5517-1", "USN-5518-1", "USN-5529-1", "USN-5535-1", "USN-5539-1", "USN-5540-1", "USN-5544-1", "USN-5545-1", "USN-5557-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5567-1", "USN-5572-1", "USN-5572-2", "USN-5577-1", "USN-5579-1", "USN-5580-1", "USN-5582-1", "USN-5588-1", "USN-5590-1", "USN-5594-1", "USN-5596-1", "USN-5599-1", "USN-5602-1", "USN-5616-1", "USN-5621-1", "USN-5622-1", "USN-5623-1", "USN-5624-1", "USN-5630-1", "USN-5633-1", "USN-5634-1", "USN-5635-1", "USN-5639-1", "USN-5640-1", "USN-5644-1", "USN-5647-1", "USN-5648-1", "USN-5650-1", "USN-5652-1", "USN-5654-1", "USN-5655-1", "USN-5660-1", "USN-5667-1", "USN-5668-1", "USN-5669-1", "USN-5669-2", "USN-5677-1", "USN-5678-1", "USN-5679-1", "USN-5682-1", "USN-5683-1", "USN-5684-1", "USN-5687-1", "USN-5693-1", "USN-5695-1", "USN-5703-1", "USN-5706-1", "USN-5727-1", "USN-5727-2", "USN-5728-1", "USN-5728-2", "USN-5728-3", "USN-5773-1", "USN-5774-1", "USN-5789-1", "USN-5854-1", "USN-5861-1", "USN-5862-1", "USN-5865-1", "USN-5883-1", "USN-5913-1", "USN-5924-1", "USN-5975-1", "USN-6001-1", "USN-6007-1", "USN-6013-1", "USN-6014-1", "USN-6031-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-33655", "UB:CVE-2022-0494", "UB:CVE-2022-1012", "UB:CVE-2022-1184", "UB:CVE-2022-1462", "UB:CVE-2022-1652", "UB:CVE-2022-1679", "UB:CVE-2022-1729", "UB:CVE-2022-1734", "UB:CVE-2022-1789", "UB:CVE-2022-1852", "UB:CVE-2022-1943", "UB:CVE-2022-1972", "UB:CVE-2022-1973", "UB:CVE-2022-1974", "UB:CVE-2022-1975", "UB:CVE-2022-20572", "UB:CVE-2022-2078", "UB:CVE-2022-21123", "UB:CVE-2022-21125", "UB:CVE-2022-21166", "UB:CVE-2022-21499", "UB:CVE-2022-21505", "UB:CVE-2022-2318", "UB:CVE-2022-2503", "UB:CVE-2022-2585", "UB:CVE-2022-2586", "UB:CVE-2022-2588", "UB:CVE-2022-26365", "UB:CVE-2022-26373", "UB:CVE-2022-2873", "UB:CVE-2022-28893", "UB:CVE-2022-29900", "UB:CVE-2022-29901", "UB:CVE-2022-32250", "UB:CVE-2022-32296", "UB:CVE-2022-32981", "UB:CVE-2022-33740", "UB:CVE-2022-33741", "UB:CVE-2022-33742", "UB:CVE-2022-33743", "UB:CVE-2022-33744", "UB:CVE-2022-34494", "UB:CVE-2022-34495", "UB:CVE-2022-34918", "UB:CVE-2022-36123", "UB:CVE-2022-36879", "UB:CVE-2022-36946"]}, {"type": "veracode", "idList": ["VERACODE:36026", "VERACODE:36027", "VERACODE:36029", "VERACODE:36254", "VERACODE:36304", "VERACODE:36324", "VERACODE:36325", "VERACODE:36326", "VERACODE:36361", "VERACODE:36369", "VERACODE:36423", "VERACODE:37004", "VERACODE:37092", "VERACODE:37094", "VERACODE:37096", "VERACODE:37097", "VERACODE:37098", "VERACODE:37099", "VERACODE:37270", "VERACODE:37272", "VERACODE:37422", "VERACODE:37434", "VERACODE:37529", "VERACODE:37534", "VERACODE:37864", "VERACODE:38254", "VERACODE:38255", "VERACODE:38431", "VERACODE:39124", "VERACODE:39125", "VERACODE:39128", "VERACODE:39750", "VERACODE:40368"]}, {"type": "virtuozzo", "idList": ["VZA-2022-021", "VZA-2023-004"]}, {"type": "vmware", "idList": ["VMSA-2022-0016", "VMSA-2022-0020", "VMSA-2022-0020.1", "VMSA-2022-0020.2"]}, {"type": "xen", "idList": ["XSA-403", "XSA-404", "XSA-405", "XSA-406", "XSA-407"]}, {"type": "zdi", "idList": ["ZDI-22-1117", "ZDI-22-1118"]}, {"type": "zdt", "idList": ["1337DAY-ID-37996"]}]}, "score": {"value": 9.1, "vector": "NONE"}, "epss": [{"cve": "CVE-2021-33655", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-0494", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1012", "epss": 0.00053, "percentile": 0.19035, "modified": "2023-05-02"}, {"cve": "CVE-2022-1184", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1462", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1652", "epss": 0.00043, "percentile": 0.05893, "modified": "2023-05-02"}, {"cve": "CVE-2022-1679", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1729", "epss": 0.00043, "percentile": 0.07943, "modified": "2023-05-02"}, {"cve": "CVE-2022-1734", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1789", "epss": 0.00063, "percentile": 0.25391, "modified": "2023-05-02"}, {"cve": "CVE-2022-1852", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2022-1943", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1973", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1974", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1975", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2022-2078", "epss": 0.00047, "percentile": 0.14392, "modified": "2023-05-02"}, {"cve": "CVE-2022-21123", "epss": 0.00046, "percentile": 0.12963, "modified": "2023-05-02"}, {"cve": "CVE-2022-21125", "epss": 0.00056, "percentile": 0.21318, "modified": "2023-05-02"}, {"cve": "CVE-2022-21166", "epss": 0.00046, "percentile": 0.12963, "modified": "2023-05-02"}, {"cve": "CVE-2022-21499", "epss": 0.00043, "percentile": 0.07869, "modified": "2023-05-02"}, {"cve": "CVE-2022-2318", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-2503", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-26365", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-26373", "epss": 0.00045, "percentile": 0.11975, "modified": "2023-05-02"}, {"cve": "CVE-2022-2873", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-28893", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-29900", "epss": 0.00046, "percentile": 0.12912, "modified": "2023-05-02"}, {"cve": "CVE-2022-29901", "epss": 0.00087, "percentile": 0.35352, "modified": "2023-05-02"}, {"cve": "CVE-2022-32250", "epss": 0.00044, "percentile": 0.08281, "modified": "2023-05-02"}, {"cve": "CVE-2022-32296", "epss": 0.00045, "percentile": 0.12551, "modified": "2023-05-02"}, {"cve": "CVE-2022-32981", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2022-33740", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-33741", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-33742", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-33743", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-33744", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-34494", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2022-34495", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2022-34918", "epss": 0.00066, "percentile": 0.27153, "modified": "2023-05-02"}, {"cve": "CVE-2022-36123", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-36879", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-36946", "epss": 0.00134, "percentile": 0.47079, "modified": "2023-05-02"}], "vulnersScore": 9.1}, "_state": {"dependencies": 1688733297, "score": 1698852299, "epss": 0}, "_internal": {"score_hash": "a0e78e9404549f3fbd4f30f538335408"}, "pluginID": "164458", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2022-237-02. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164458);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-1012\",\n \"CVE-2022-1184\",\n \"CVE-2022-1462\",\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-1729\",\n \"CVE-2022-1734\",\n \"CVE-2022-1789\",\n \"CVE-2022-1852\",\n \"CVE-2022-1943\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-1973\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-2078\",\n \"CVE-2022-2318\",\n \"CVE-2022-2503\",\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-2873\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-21505\",\n \"CVE-2022-26365\",\n \"CVE-2022-26373\",\n \"CVE-2022-28893\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-32250\",\n \"CVE-2022-32296\",\n \"CVE-2022-32981\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-34918\",\n \"CVE-2022-36123\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2022-237-02)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to kernel-generic.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel-generic installed on the remote host is prior to 5.15.63 / 5.15.63_smp. It is, therefore, affected\nby multiple vulnerabilities as referenced in the SSA:2022-237-02 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use\n after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way\n user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash\n the system or potentially (CVE-2022-1943)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.\n This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.\n (CVE-2022-1973)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller\n driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input\n data. This flaw allows a local user to crash the system. (CVE-2022-2873)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This\n allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel\n lockdown was enabled (CVE-2022-21505) (CVE-2022-21505)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected kernel-generic package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:15.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-generic', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-huge', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-modules', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '5.15.63_smp', 'product' : 'kernel-generic-smp', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'i686' },\n { 'fixed_version' : '5.15.63_smp', 'product' : 'kernel-huge-smp', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'i686' },\n { 'fixed_version' : '5.15.63_smp', 'product' : 'kernel-modules-smp', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'i686' },\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-source', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'noarch' },\n { 'fixed_version' : '5.15.63_smp', 'product' : 'kernel-source', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'noarch' },\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-headers', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'x86' },\n { 'fixed_version' : '5.15.63_smp', 'product' : 'kernel-headers', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'x86' },\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-generic', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'x86_64' },\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-huge', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'x86_64' },\n { 'fixed_version' : '5.15.63', 'product' : 'kernel-modules', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Slackware Local Security Checks", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:15.0"], "solution": "Upgrade the affected kernel-generic package.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-34918", "vendor_cvss2": {"score": 7.2, "vector": "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2022-04-11T00:00:00", "exploitableWith": ["Core Impact", "Metasploit(Netfilter nft_set_elem_init Heap Overflow Privilege Escalation)"]}

{"slackware": [{"lastseen": "2023-12-06T16:45:17", "description": "New kernel packages are available for Slackware 15.0 to fix security issues.\n\n\nHere are the details from the Slackware 15.0 ChangeLog:\n\npatches/packages/linux-5.15.63/*: Upgraded.\n These updates fix various bugs and security issues.\n Be sure to upgrade your initrd after upgrading the kernel packages.\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n Fixed in 5.15.39:\n https://vulners.com/cve/CVE-2022-1974\n https://vulners.com/cve/CVE-2022-1975\n https://vulners.com/cve/CVE-2022-1734\n Fixed in 5.15.40:\n https://vulners.com/cve/CVE-2022-1943\n Fixed in 5.15.41:\n https://vulners.com/cve/CVE-2022-28893\n https://vulners.com/cve/CVE-2022-32296\n https://vulners.com/cve/CVE-2022-1012\n Fixed in 5.15.42:\n https://vulners.com/cve/CVE-2022-1652\n https://vulners.com/cve/CVE-2022-1729\n https://vulners.com/cve/CVE-2022-21499\n Fixed in 5.15.44:\n https://vulners.com/cve/CVE-2022-1789\n Fixed in 5.15.45:\n https://vulners.com/cve/CVE-2022-2873\n https://vulners.com/cve/CVE-2022-1966\n https://vulners.com/cve/CVE-2022-32250\n https://vulners.com/cve/CVE-2022-2078\n https://vulners.com/cve/CVE-2022-1852\n https://vulners.com/cve/CVE-2022-1972\n https://vulners.com/cve/CVE-2022-2503\n Fixed in 5.15.46:\n https://vulners.com/cve/CVE-2022-1184\n https://vulners.com/cve/CVE-2022-1973\n Fixed in 5.15.47:\n https://vulners.com/cve/CVE-2022-34494\n https://vulners.com/cve/CVE-2022-34495\n https://vulners.com/cve/CVE-2022-32981\n Fixed in 5.15.48:\n https://vulners.com/cve/CVE-2022-21125\n https://vulners.com/cve/CVE-2022-21166\n https://vulners.com/cve/CVE-2022-21123\n Fixed in 5.15.53:\n https://vulners.com/cve/CVE-2022-2318\n https://vulners.com/cve/CVE-2022-33743\n https://vulners.com/cve/CVE-2022-33742\n https://vulners.com/cve/CVE-2022-33741\n https://vulners.com/cve/CVE-2022-33740\n https://vulners.com/cve/CVE-2022-26365\n https://vulners.com/cve/CVE-2022-33744\n Fixed in 5.15.54:\n https://vulners.com/cve/CVE-2021-33655\n https://vulners.com/cve/CVE-2022-34918\n Fixed in 5.15.56:\n https://vulners.com/cve/CVE-2022-36123\n Fixed in 5.15.57:\n https://vulners.com/cve/CVE-2022-29900\n https://vulners.com/cve/CVE-2022-29901\n Fixed in 5.15.58:\n https://vulners.com/cve/CVE-2022-21505\n https://vulners.com/cve/CVE-2022-1462\n https://vulners.com/cve/CVE-2022-36879\n Fixed in 5.15.59:\n https://vulners.com/cve/CVE-2022-36946\n Fixed in 5.15.60:\n https://vulners.com/cve/CVE-2022-26373\n Fixed in 5.15.61:\n https://vulners.com/cve/CVE-2022-2586\n https://vulners.com/cve/CVE-2022-2585\n https://vulners.com/cve/CVE-2022-1679\n https://vulners.com/cve/CVE-2022-2588\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nUpdated packages for Slackware 15.0:\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-generic-5.15.63-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-generic-smp-5.15.63_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-headers-5.15.63_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-huge-5.15.63-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-huge-smp-5.15.63_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-modules-5.15.63-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-modules-smp-5.15.63_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.63/kernel-source-5.15.63_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 15.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.63/kernel-generic-5.15.63-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.63/kernel-headers-5.15.63-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.63/kernel-huge-5.15.63-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.63/kernel-modules-5.15.63-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.63/kernel-source-5.15.63-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 15.0 packages:\n5c31aac999b00d15a783e6094f637532 kernel-generic-5.15.63-i586-1.txz\n6f8347f7b51fb9b27874d77b94ec6f30 kernel-generic-smp-5.15.63_smp-i686-1.txz\n311adc6da684773615a101ea19414113 kernel-headers-5.15.63_smp-x86-1.txz\n9beb03283db3704d81b2d5891a02aa53 kernel-huge-5.15.63-i586-1.txz\n4ef4877067f5e7c48e72d1454f0356bc kernel-huge-smp-5.15.63_smp-i686-1.txz\na8bc611fb93241a04e3ab3a8341fa16d kernel-modules-5.15.63-i586-1.txz\nb5d3943050cc989ca2ff38cd8e9f8d57 kernel-modules-smp-5.15.63_smp-i686-1.txz\nd4af5bb1a638d16f2f12c59330b6a4ed kernel-source-5.15.63_smp-noarch-1.txz\n\nSlackware x86_64 15.0 packages:\n3d90053137ecf7d6bba568f5220abfa3 kernel-generic-5.15.63-x86_64-1.txz\n9e9140aee3e53f89c91e0da799b23938 kernel-headers-5.15.63-x86-1.txz\n16a28b95d3918edc031ae3052851a003 kernel-huge-5.15.63-x86_64-1.txz\nd60d98fd8308a12addffc3cec220729f kernel-modules-5.15.63-x86_64-1.txz\nb7c3de6e71d39a80c7132c30799310ec kernel-source-5.15.63-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 15.0):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.63-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 15.0):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.63 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 5.15.63-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 5.15.63 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou'll need to run \"lilo\" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-08-26T04:17:47", "type": "slackware", "title": "[slackware-security] Slackware 15.0 kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33655", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1462", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1729", "CVE-2022-1734", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1943", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1973", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2078", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-21505", "CVE-2022-2318", "CVE-2022-2503", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26365", "CVE-2022-26373", "CVE-2022-2873", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-34918", "CVE-2022-36123", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2022-08-26T04:17:47", "id": "SSA-2022-237-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2022&m=slackware-security.885651", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-07-07T15:03:55", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-114 advisory.\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.\n This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.\n (CVE-2022-1973)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-114)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1184", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1973", "CVE-2022-2078", "CVE-2022-26365", "CVE-2022-32250", "CVE-2022-32981", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.54-25.126", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python3-perf", "p-cpe:/a:amazon:linux:python3-perf-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-114.NASL", "href": "https://www.tenable.com/plugins/nessus/164769", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-114.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164769);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2022-1184\",\n \"CVE-2022-1789\",\n \"CVE-2022-1852\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-1973\",\n \"CVE-2022-2078\",\n \"CVE-2022-26365\",\n \"CVE-2022-32250\",\n \"CVE-2022-32981\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-114)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-114 advisory.\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.\n This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.\n (CVE-2022-1973)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-114.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1852.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1973.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33740.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33741.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33743.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34494.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34495.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34918.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220719 kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.54-25.126\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1184\", \"CVE-2022-1789\", \"CVE-2022-1852\", \"CVE-2022-1966\", \"CVE-2022-1972\", \"CVE-2022-1973\", \"CVE-2022-2078\", \"CVE-2022-26365\", \"CVE-2022-32250\", \"CVE-2022-32981\", \"CVE-2022-33740\", \"CVE-2022-33741\", \"CVE-2022-33742\", \"CVE-2022-33743\", \"CVE-2022-34494\", \"CVE-2022-34495\", \"CVE-2022-34918\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS2022-2022-114\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.54-25.126.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.54-25.126-1.0-0.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.54-25.126-1.0-0.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.54-25.126.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:11:50", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5623-1 advisory.\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially (CVE-2022-1943)\n\n - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.\n This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.\n (CVE-2022-1973)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)\n\n - A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring().\n The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-2959)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-21T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5623-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33061", "CVE-2021-33655", "CVE-2022-1012", "CVE-2022-1729", "CVE-2022-1852", "CVE-2022-1943", "CVE-2022-1973", "CVE-2022-2318", "CVE-2022-2503", "CVE-2022-26365", "CVE-2022-2873", "CVE-2022-2959", "CVE-2022-32296", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency-64k"], "id": "UBUNTU_USN-5623-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165280", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5623-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165280);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-33061\",\n \"CVE-2021-33655\",\n \"CVE-2022-1012\",\n \"CVE-2022-1729\",\n \"CVE-2022-1852\",\n \"CVE-2022-1943\",\n \"CVE-2022-1973\",\n \"CVE-2022-2318\",\n \"CVE-2022-2503\",\n \"CVE-2022-2873\",\n \"CVE-2022-2959\",\n \"CVE-2022-26365\",\n \"CVE-2022-32296\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5623-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5623-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5623-1 advisory.\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an\n authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged\n user to gain root privileges. The bug allows to build several exploit primitives such as kernel address\n information leak, arbitrary execution, etc. (CVE-2022-1729)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way\n user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash\n the system or potentially (CVE-2022-1943)\n\n - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.\n This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.\n (CVE-2022-1973)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to\n restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently\n allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass\n verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and\n unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for\n peripherals that do not verify firmware updates. We recommend upgrading past commit\n 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)\n\n - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller\n driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input\n data. This flaw allows a local user to crash the system. (CVE-2022-2873)\n\n - A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring().\n The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper\n locking when performing operations on an object. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-2959)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5623-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1943\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.15.0': {\n 'generic': '5.15.0-48',\n 'generic-64k': '5.15.0-48',\n 'generic-lpae': '5.15.0-48',\n 'lowlatency': '5.15.0-48',\n 'lowlatency-64k': '5.15.0-48'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5623-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33061', 'CVE-2021-33655', 'CVE-2022-1012', 'CVE-2022-1729', 'CVE-2022-1852', 'CVE-2022-1943', 'CVE-2022-1973', 'CVE-2022-2318', 'CVE-2022-2503', 'CVE-2022-2873', 'CVE-2022-2959', 'CVE-2022-26365', 'CVE-2022-32296', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5623-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:09:57", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5635-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-24T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5635-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1003-gkeop"], "id": "UBUNTU_USN-5635-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165417", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5635-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165417);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5635-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5635-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5635-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5635-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1003-gkeop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '22.04': {\n '5.15.0': {\n 'gkeop': '5.15.0-1003'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5635-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5635-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:16:05", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5644-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5644-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp"], "id": "UBUNTU_USN-5644-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165505", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5644-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165505);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5644-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5644-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5644-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5644-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.15.0': {\n 'gcp': '5.15.0-1018'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5644-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5644-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:11:50", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5633-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5633-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp"], "id": "UBUNTU_USN-5633-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165320", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5633-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165320);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5633-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5633-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5633-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5633-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-gcp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '22.04': {\n '5.15.0': {\n 'raspi': '5.15.0-1015',\n 'raspi-nolpae': '5.15.0-1015',\n 'gke': '5.15.0-1016',\n 'gcp': '5.15.0-1018'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5633-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5633-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:13:41", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5655-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5655-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-intel-iotg"], "id": "UBUNTU_USN-5655-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165651", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5655-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165651);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5655-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5655-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5655-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5655-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-intel-iotg\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '22.04': {\n '5.15.0': {\n 'intel-iotg': '5.15.0-1016'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5655-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5655-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:09:59", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5648-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5648-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke"], "id": "UBUNTU_USN-5648-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165600", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5648-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165600);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5648-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5648-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5648-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5648-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gke\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.15.0': {\n 'gke': '5.15.0-1016'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5648-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5648-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:26", "description": "The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-004 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972, CVE-2022-1973)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1184", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1973", "CVE-2022-2078", "CVE-2022-32250", "CVE-2022-32981", "CVE-2022-34494", "CVE-2022-34495"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.50-23.125"], "id": "AL2_ALASKERNEL-5_15-2022-004.NASL", "href": "https://www.tenable.com/plugins/nessus/163370", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2022-004.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163370);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1184\",\n \"CVE-2022-1789\",\n \"CVE-2022-1852\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-1973\",\n \"CVE-2022-2078\",\n \"CVE-2022-32250\",\n \"CVE-2022-32981\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-004 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972, CVE-2022-1973)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1852.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1973.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34494.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34495.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.50-23.125\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1184\", \"CVE-2022-1789\", \"CVE-2022-1852\", \"CVE-2022-1966\", \"CVE-2022-1972\", \"CVE-2022-1973\", \"CVE-2022-2078\", \"CVE-2022-32250\", \"CVE-2022-32981\", \"CVE-2022-34494\", \"CVE-2022-34495\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.15-2022-004\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.50-23.125-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.50-23.125-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-07T12:28:43", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5191 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-5191-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34918"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:bpftool", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x-dbg", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-x86", "p-cpe:/a:debian:debian_linux:linux-config-5.10", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc", "p-cpe:/a:debian:debian_linux:linux-doc-5.10", "p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell", "p-cpe:/a:debian:debian_linux:linux-image-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-armmp", "p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-marvell", "p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-octeon", "p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rpi", "p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-s390x", "p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-5.10", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-perf", "p-cpe:/a:debian:debian_linux:linux-perf-5.10", "p-cpe:/a:debian:debian_linux:linux-source", "p-cpe:/a:debian:debian_linux:linux-source-5.10", "p-cpe:/a:debian:debian_linux:linux-support-5.10.0-13", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usbip", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-s390x-di", "cpe:/o:debian:debian_linux:11.0", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-loongson-3-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-marvell-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-octeon-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-4kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-5kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-armmp-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-marvell-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-octeon-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-s390x-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-4kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-5kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-armmp-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-loongson-3-di"], "id": "DEBIAN_DSA-5191.NASL", "href": "https://www.tenable.com/plugins/nessus/163480", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5191. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163480);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Debian DSA-5191-1 : linux - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5191 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-33744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-34918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 5.10.127-2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'bpftool', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'hyperv-daemons', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'libcpupower-dev', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'libcpupower1', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-arm', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-s390', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-x86', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-config-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-cpupower', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-doc', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-doc-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-686', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-686-pae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-amd64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-arm64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-cloud-amd64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-cloud-arm64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-common', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-common-rt', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-686-pae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-amd64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-arm64', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-headers-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-4kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-4kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-5kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-pae-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-amd64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-arm64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-lpae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-amd64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-arm64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-loongson-3-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-marvell-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-octeon-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-powerpc64le-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rpi-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-686-pae-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-amd64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-arm64-unsigned', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-s390x-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-686-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-marvell', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-marvell-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-octeon', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-octeon-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rpi', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rpi-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-686-pae-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-amd64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-arm64-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-s390x', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-image-s390x-dbg', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-kbuild-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-libc-dev', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-perf', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-perf-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-source', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-source-5.10', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'linux-support-5.10.0-13', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-armmp-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-marvell-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'usbip', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-s390x-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.127-2'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-s390x-di', 'reference': '5.10.127-2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'affs-modules-5.10.0-13-4kc-malta-di / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:11:21", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5624-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-21T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency-64k"], "id": "UBUNTU_USN-5624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165281", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5624-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165281);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5624-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5624-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5624-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5624-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-48-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.15.0': {\n 'azure': '5.15.0-1020'\n }\n },\n '22.04': {\n '5.15.0': {\n 'generic': '5.15.0-48',\n 'generic-64k': '5.15.0-48',\n 'generic-lpae': '5.15.0-48',\n 'lowlatency': '5.15.0-48',\n 'lowlatency-64k': '5.15.0-48',\n 'kvm': '5.15.0-1018',\n 'azure': '5.15.0-1020'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5624-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5624-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:10:35", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5640-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-26T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-5640-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34494", "CVE-2022-34495", "CVE-2022-36946"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-oracle"], "id": "UBUNTU_USN-5640-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165470", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5640-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165470);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"USN\", value:\"5640-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-5640-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5640-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5640-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-oracle\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '22.04': {\n '5.15.0': {\n 'oracle': '5.15.0-1018'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5640-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-33655', 'CVE-2022-2318', 'CVE-2022-26365', 'CVE-2022-33740', 'CVE-2022-33741', 'CVE-2022-33742', 'CVE-2022-33743', 'CVE-2022-33744', 'CVE-2022-34494', 'CVE-2022-34495', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5640-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:26", "description": "The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-003 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972, CVE-2022-1973)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1184", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1973", "CVE-2022-2078", "CVE-2022-32250", "CVE-2022-32981", "CVE-2022-34494", "CVE-2022-34495"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.50-23.125"], "id": "AL2_ALASKERNEL-5_15-2022-003.NASL", "href": "https://www.tenable.com/plugins/nessus/163371", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2022-003.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163371);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1184\",\n \"CVE-2022-1789\",\n \"CVE-2022-1852\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-1973\",\n \"CVE-2022-2078\",\n \"CVE-2022-32250\",\n \"CVE-2022-32981\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-003 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972, CVE-2022-1973)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-003.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1852.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1973.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34494.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34495.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.50-23.125\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1184\", \"CVE-2022-1789\", \"CVE-2022-1852\", \"CVE-2022-1966\", \"CVE-2022-1972\", \"CVE-2022-1973\", \"CVE-2022-2078\", \"CVE-2022-32250\", \"CVE-2022-32981\", \"CVE-2022-34494\", \"CVE-2022-34495\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.15-2022-003\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.50-23.125-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.50-23.125-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:27:49", "description": "The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-002 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972, CVE-2022-1973)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1184", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-1973", "CVE-2022-2078", "CVE-2022-32250", "CVE-2022-32981", "CVE-2022-34494", "CVE-2022-34495"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.50-23.125"], "id": "AL2_ALASKERNEL-5_15-2022-002.NASL", "href": "https://www.tenable.com/plugins/nessus/163372", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2022-002.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163372);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1184\",\n \"CVE-2022-1789\",\n \"CVE-2022-1852\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-1973\",\n \"CVE-2022-2078\",\n \"CVE-2022-32250\",\n \"CVE-2022-32981\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-002)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-002 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184) (CVE-2022-1972, CVE-2022-1973)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1852.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1973.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34494.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34495.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32981\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.50-23.125\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1184\", \"CVE-2022-1789\", \"CVE-2022-1852\", \"CVE-2022-1966\", \"CVE-2022-1972\", \"CVE-2022-1973\", \"CVE-2022-2078\", \"CVE-2022-32250\", \"CVE-2022-32981\", \"CVE-2022-34494\", \"CVE-2022-34495\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.15-2022-002\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.50-23.125-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.50-23.125-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.50-23.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:45", "description": "The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-015 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service. (CVE-2022-1012) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1789", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518"], "id": "AL2_ALASKERNEL-5_10-2022-015.NASL", "href": "https://www.tenable.com/plugins/nessus/163313", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-015.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163313);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1012\",\n \"CVE-2022-1184\",\n \"CVE-2022-1789\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-2078\",\n \"CVE-2022-21499\",\n \"CVE-2022-32250\",\n \"CVE-2022-32296\",\n \"CVE-2022-32981\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-015)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-015 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak\n (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port\n generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and\n may cause a denial of service. (CVE-2022-1012) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-015.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-21499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1012\", \"CVE-2022-1184\", \"CVE-2022-1789\", \"CVE-2022-1966\", \"CVE-2022-1972\", \"CVE-2022-2078\", \"CVE-2022-21499\", \"CVE-2022-32250\", \"CVE-2022-32296\", \"CVE-2022-32981\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2022-015\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.126-117.518-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.126-117.518-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:14", "description": "The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-017 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service. (CVE-2022-1012) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1789", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518"], "id": "AL2_ALASKERNEL-5_10-2022-017.NASL", "href": "https://www.tenable.com/plugins/nessus/163368", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-017.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163368);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1012\",\n \"CVE-2022-1184\",\n \"CVE-2022-1789\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-2078\",\n \"CVE-2022-21499\",\n \"CVE-2022-32250\",\n \"CVE-2022-32296\",\n \"CVE-2022-32981\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-017 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak\n (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port\n generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and\n may cause a denial of service. (CVE-2022-1012) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-017.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-21499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1012\", \"CVE-2022-1184\", \"CVE-2022-1789\", \"CVE-2022-1966\", \"CVE-2022-1972\", \"CVE-2022-2078\", \"CVE-2022-21499\", \"CVE-2022-32250\", \"CVE-2022-32296\", \"CVE-2022-32981\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2022-017\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.126-117.518-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.126-117.518-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:27:48", "description": "The version of kernel installed on the remote host is prior to 5.10.130-118.517. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-018 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2318", "CVE-2022-26365", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-33744", "CVE-2022-34918"], "modified": "2023-09-06T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.10.130-118.517"], "id": "AL2_ALASKERNEL-5_10-2022-018.NASL", "href": "https://www.tenable.com/plugins/nessus/163382", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-018.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163382);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/06\");\n\n script_cve_id(\n \"CVE-2021-33655\",\n \"CVE-2022-2318\",\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-33744\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.130-118.517. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-018 advisory.\n\n - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that\n allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree\n to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the\n related lock held, resulting in a small race window, which can be used by unprivileged guests via PV\n devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS)\n of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory\n pages. (CVE-2022-33744)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33655.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2318.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33740.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33741.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33743.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33744.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34918.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.130-118.517\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2021-33655\", \"CVE-2022-2318\", \"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\", \"CVE-2022-33742\", \"CVE-2022-33743\", \"CVE-2022-33744\", \"CVE-2022-34918\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2022-018\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.130-118.517.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.130-118.517-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.130-118.517-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.130-118.517.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:06:31", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5529-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5529-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1789", "CVE-2022-1852", "CVE-2022-1973", "CVE-2022-2078", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-34494", "CVE-2022-34495"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1013-oem"], "id": "UBUNTU_USN-5529-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163325", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5529-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163325);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-1789\",\n \"CVE-2022-1852\",\n \"CVE-2022-1973\",\n \"CVE-2022-2078\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-34494\",\n \"CVE-2022-34495\"\n );\n script_xref(name:\"USN\", value:\"5529-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5529-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5529-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a\n double free. (CVE-2022-34494)\n\n - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.\n (CVE-2022-34495)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5529-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1013-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '22.04': {\n '5.17.0': {\n 'oem': '5.17.0-1013'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5529-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-1789', 'CVE-2022-1852', 'CVE-2022-1973', 'CVE-2022-2078', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-34494', 'CVE-2022-34495');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5529-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:14", "description": "The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-016 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service. (CVE-2022-1012) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1789", "CVE-2022-1966", "CVE-2022-1972", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518"], "id": "AL2_ALASKERNEL-5_10-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/163312", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-016.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163312);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1012\",\n \"CVE-2022-1184\",\n \"CVE-2022-1789\",\n \"CVE-2022-1966\",\n \"CVE-2022-1972\",\n \"CVE-2022-2078\",\n \"CVE-2022-21499\",\n \"CVE-2022-32250\",\n \"CVE-2022-32296\",\n \"CVE-2022-32981\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-016 advisory.\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak\n (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\n - Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port\n generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and\n may cause a denial of service. (CVE-2022-1012) (CVE-2022-1972)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-21499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1012\", \"CVE-2022-1184\", \"CVE-2022-1789\", \"CVE-2022-1966\", \"CVE-2022-1972\", \"CVE-2022-2078\", \"CVE-2022-21499\", \"CVE-2022-32250\", \"CVE-2022-32296\", \"CVE-2022-32981\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2022-016\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.126-117.518-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.126-117.518-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.126-117.518.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:13:22", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5566-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1652", "CVE-2022-1679", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1012-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1014-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1017-aws"], "id": "UBUNTU_USN-5566-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164030", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5566-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164030);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-28893\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"USN\", value:\"5566-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5566-1 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5566-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1012-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1014-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1016-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1017-aws\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.15.0': {\n 'gke': '5.15.0-1014',\n 'gcp': '5.15.0-1016',\n 'aws': '5.15.0-1017'\n }\n },\n '22.04': {\n '5.15.0': {\n 'ibm': '5.15.0-1012',\n 'raspi': '5.15.0-1013',\n 'raspi-nolpae': '5.15.0-1013',\n 'gke': '5.15.0-1014',\n 'gcp': '5.15.0-1016',\n 'aws': '5.15.0-1017'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5566-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-28893', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-34918');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5566-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:27", "description": "The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-028 advisory.\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1966", "CVE-2022-21499", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo"], "id": "AL2_ALASKERNEL-5_4-2022-028.NASL", "href": "https://www.tenable.com/plugins/nessus/163316", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-028.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163316);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1012\",\n \"CVE-2022-1184\",\n \"CVE-2022-1966\",\n \"CVE-2022-21499\",\n \"CVE-2022-32250\",\n \"CVE-2022-32296\",\n \"CVE-2022-32981\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-028 advisory.\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak\n (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-028.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-21499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1012\", \"CVE-2022-1184\", \"CVE-2022-1966\", \"CVE-2022-21499\", \"CVE-2022-32250\", \"CVE-2022-32296\", \"CVE-2022-32981\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-028\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.201-111.359.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:45", "description": "The version of kernel installed on the remote host is prior to 5.15.54-25.126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-005 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-26365", "CVE-2022-32250", "CVE-2022-33740", "CVE-2022-33741", "CVE-2022-33742", "CVE-2022-33743", "CVE-2022-34918"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.54-25.126"], "id": "AL2_ALASKERNEL-5_15-2022-005.NASL", "href": "https://www.tenable.com/plugins/nessus/163352", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2022-005.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163352);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-26365\",\n \"CVE-2022-33740\",\n \"CVE-2022-33741\",\n \"CVE-2022-33742\",\n \"CVE-2022-33743\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.15.54-25.126. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-005 advisory.\n\n - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text\n explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device\n frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).\n Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to\n unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend\n (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)\n\n - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data\n Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further\n processing to nevertheless be freed. (CVE-2022-33743)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-005.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33740.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33741.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33742.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-33743.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-34918.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.54-25.126\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-26365\", \"CVE-2022-33740\", \"CVE-2022-33741\", \"CVE-2022-33742\", \"CVE-2022-33743\", \"CVE-2022-34918\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.15-2022-005\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.54-25.126.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.54-25.126-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.54-25.126-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.54-25.126.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.54-25.126.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:29:45", "description": "The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-032 advisory.\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1012", "CVE-2022-1184", "CVE-2022-1966", "CVE-2022-21499", "CVE-2022-32250", "CVE-2022-32296", "CVE-2022-32981"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo"], "id": "AL2_ALASKERNEL-5_4-2022-032.NASL", "href": "https://www.tenable.com/plugins/nessus/163386", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-032.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163386);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-1012\",\n \"CVE-2022-1184\",\n \"CVE-2022-1966\",\n \"CVE-2022-21499\",\n \"CVE-2022-32250\",\n \"CVE-2022-32296\",\n \"CVE-2022-32981\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-032)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-032 advisory.\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a\n duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-1966)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create\n user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to\n a use-after-free. (CVE-2022-32250)\n\n - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are\n used. (CVE-2022-32296)\n\n - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer\n overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point\n registers. (CVE-2022-32981)\n\n - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak\n (CVE-2022-1012)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-032.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-21499.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32296.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32250\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1012\", \"CVE-2022-1184\", \"CVE-2022-1966\", \"CVE-2022-21499\", \"CVE-2022-32250\", \"CVE-2022-32296\", \"CVE-2022-32981\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-032\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.201-111.359.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.201-111.359.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:03:07", "description": "The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5564-1 advisory.\n\n - A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-0500)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5564-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0500", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1734", "CVE-2022-1789", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-intel-iotg"], "id": "UBUNTU_USN-5564-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164029", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5564-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164029);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2022-0500\",\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-1734\",\n \"CVE-2022-1789\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-28893\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"USN\", value:\"5564-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5564-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5564-1 advisory.\n\n - A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds\n memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local\n user to crash or escalate their privileges on the system. (CVE-2022-0500)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use\n after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID\n is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.\n (CVE-2022-1789)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5564-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-intel-iotg\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '22.04': {\n '5.15.0': {\n 'intel-iotg': '5.15.0-1013'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5564-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0500', 'CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-1734', 'CVE-2022-1789', 'CVE-2022-1974', 'CVE-2022-1975', 'CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-28893', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-33981', 'CVE-2022-34918');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5564-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:09:21", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5582-1 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-25T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1048", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1734", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1089-azure-fde"], "id": "UBUNTU_USN-5582-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164421", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5582-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164421);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1048\",\n \"CVE-2022-1652\",\n \"CVE-2022-1679\",\n \"CVE-2022-1734\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-28893\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"USN\", value:\"5582-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5582-1 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use\n after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5582-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1089-azure-fde\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.4.0': {\n 'azure-fde': '5.4.0-1089'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5582-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1048', 'CVE-2022-1652', 'CVE-2022-1679', 'CVE-2022-1734', 'CVE-2022-1974', 'CVE-2022-1975', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-28893', 'CVE-2022-34918');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5582-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:22", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3102 advisory.\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-12T00:00:00", "type": "nessus", "title": "Debian DLA-3102-1 : linux-5.10 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-arm64-unsigned", &qu