Scientific Linux Security Update : kernel on SL7.x x86_64 (20151208)
Published: 2015-12-22T00:00:00
ID: SL_20151208_KERNEL_ON_SL7_X.NASL
Type: nessus
Reporter: This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2015-12-22T00:00:00
Description
- It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivery of benign exceptions such as #AC (alignment check exception) and #DB (debug exception) is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel. (CVE-2015-5307, CVE-2015-8104, Important)

This update also fixes the following bugs:

- On Intel Xeon v5 platforms, the processor frequency was always tied to the highest possible frequency. Switching p-states on these client platforms failed. This update sets the idle frequency, busy frequency, and processor frequency values by determining the range and adjusting the minimal and maximal percent limit values. Now, switching p-states on the aforementioned client platforms proceeds successfully.

- Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing, a VM previously became unresponsive when connected to RHEV Hypervisor. The provided patch fixes this bug by dropping the check in the MMIO handler, and a VM continues running as expected.

- Due to retry-able command errors, the NVMe driver previously leaked I/O descriptors and DMA mappings. As a consequence, the kernel could become unresponsive during the hot-unplug operation if a driver was removed. This update fixes the driver memory leak bug on command retries, and the kernel no longer hangs in this situation.

- The hybrid_dma_data() function was not initialized before use, which caused an invalid memory access when hot-plugging a PCI card. As a consequence, a kernel oops occurred. The provided patch makes sure hybrid_dma_data() is initialized before use, and the kernel oops no longer occurs in this situation.

- When running PowerPC (PPC) KVM guests and the host was experiencing a lot of page faults, for example because it was running low on memory, the host sometimes triggered an incorrect kind of interrupt in the guest: a data storage exception instead of a data segment exception. This caused a kernel panic of the PPC KVM guest. With this update, the host kernel synthesizes a segment fault if the corresponding Segment Lookaside Buffer (SLB) lookup fails, which prevents the kernel panic from occurring.

- The kernel accessed an incorrect area of the khugepaged process, causing Logical Partitioning (LPAR) to become unresponsive, and an oops occurred in medlp5. The backported upstream patch prevents an LPAR hang, and the oops no longer occurs.

- When the sctp module was loaded and a route to an association endpoint was removed after receiving an Out-of-The-Blue (OOTB) chunk but before incrementing the 'dropped because of missing route' SNMP statistic, a NULL pointer dereference kernel panic previously occurred. This update fixes the race condition between OOTB response and route removal.

- The cpuscaling test of the certification test suite previously failed due to a rounding bug in the intel-pstate driver. This bug has been fixed and the cpuscaling test now passes.

The system must be rebooted for this update to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(87583);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2015-5307", "CVE-2015-8104");

  script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20151208)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - It was found that the x86 ISA (Instruction Set
Architecture) is prone to a denial of service attack
inside a virtualized environment in the form of an
infinite loop in the microcode due to the way
(sequential) delivering of benign exceptions such as #AC
(alignment check exception) and #DB (debug exception) is
handled. A privileged user inside a guest could use
these flaws to create denial of service conditions on
the host kernel. (CVE-2015-5307, CVE-2015-8104,
Important)
This update also fixes the following bugs :
- On Intel Xeon v5 platforms, the processor frequency was
always tied to the highest possible frequency. Switching
p-states on these client platforms failed. This update
sets the idle frequency, busy frequency, and processor
frequency values by determining the range and adjusting
the minimal and maximal percent limit values. Now,
switching p-states on the aforementioned client
platforms proceeds successfully.
- Due to a validation error of in-kernel memory-mapped I/O
(MMIO) tracing, a VM became previously unresponsive when
connected to RHEV Hypervisor. The provided patch fixes
this bug by dropping the check in MMIO handler, and a VM
continues running as expected.
- Due to retry-able command errors, the NVMe driver
previously leaked I/O descriptors and DMA mappings. As a
consequence, the kernel could become unresponsive during
the hot-unplug operation if a driver was removed. This
update fixes the driver memory leak bug on command
retries, and the kernel no longer hangs in this
situation.
- The hybrid_dma_data() function was not initialized
before use, which caused an invalid memory access when
hot-plugging a PCI card. As a consequence, a kernel oops
occurred. The provided patch makes sure
hybrid_dma_data() is initialized before use, and the
kernel oops no longer occurs in this situation.
- When running PowerPC (PPC) KVM guests and the host was
experiencing a lot of page faults, for example because
it was running low on memory, the host sometimes
triggered an incorrect kind of interrupt in the guest: a
data storage exception instead of a data segment
exception. This caused a kernel panic of the PPC KVM
guest. With this update, the host kernel synthesizes a
segment fault if the corresponding Segment Lookaside
Buffer (SLB) lookup fails, which prevents the kernel
panic from occurring.
- The kernel accessed an incorrect area of the khugepaged
process causing Logical Partitioning (LPAR) to become
unresponsive, and an oops occurred in medlp5. The
backported upstream patch prevents an LPAR hang, and the
oops no longer occurs.
- When the sctp module was loaded and a route to an
association endpoint was removed after receiving an
Out-of-The-Blue (OOTB) chunk but before incrementing the
'dropped because of missing route' SNMP statistic, a
NULL pointer Dereference kernel panic previously
occurred. This update fixes the race condition between
OOTB response and route removal.
- The cpuscaling test of the certification test suite
previously failed due to a rounding bug in the
intel-pstate driver. This bug has been fixed and the
cpuscaling test now passes.
The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=17791
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e4619c3"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Preconditions: local (credentialed) checks must be enabled and the host must be Scientific Linux 7.x.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
# The installed RPM list collected over SSH is required for the package comparison below.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# Count every installed package that is older than the fixed build 3.10.0-327.3.1.el7.
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.3.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-327.3.1.el7")) flag++;

# Report the outdated packages if any were found; otherwise record why the host is not reported.
if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
This vulnerability affects all\n currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.\");\n\n script_tag(name:\"affected\", value:\"Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-11-26 12:28:16 +0100 (Thu, 26 Nov 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\nif( ! 
hotfixes = get_kb_item(\"xenserver/patches\") )\n exit( 0 );\n\npatches = make_array();\n\npatches['6.5.0'] = make_list( 'XS65ESP1016', 'XS65E017' );\npatches['6.2.0'] = make_list( 'XS62ESP1034' );\npatches['6.1.0'] = make_list( 'XS61E060' );\npatches['6.0.2'] = make_list( 'XS602E048', 'XS602ECC024' );\npatches['6.0.0'] = make_list( 'XS60E053' );\n\ncitrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );\n\nexit( 99 );\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-07T18:44:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-8104"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2016-01-19T00:00:00", "id": "OPENVAS:1361412562310105517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105517", "type": "openvas", "title": "F5 BIG-IP - SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105517\");\n script_cve_id(\"CVE-2015-2925\", \"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/31/sol31026324.html\");\n\n script_tag(name:\"impact\", value:\"A local user may be able to bypass a container protection mechanism by renaming a directory, or cause a denial-of-service (DoS) to the system by triggering certain exceptions.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"CVE-2015-2925\nThe prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a 'double-chroot attack'.\n\nCVE-2015-5307\nThe KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.\n\nCVE-2015-8104\nThe KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial 
of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-01-19 12:04:32 +0100 (Tue, 19 Jan 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '12.0.0;11.1.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;11.0.0;10.1.0-10.2.4;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '12.0.0;11.4.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '12.0.0;11.3.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '12.0.0;11.1.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;11.0.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '12.0.0;11.1.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;11.0.0;10.1.0-10.2.4;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '12.0.0;11.1.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;11.0.0;10.1.0-10.2.4;' );\n\ncheck_f5['GTM'] = make_array( 'affected', '11.1.0-11.6.0;',\n 'unaffected', '11.0.0;10.1.0-10.2.4;' );\n\ncheck_f5['LC'] = make_array( 'affected', '12.0.0;11.1.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;11.0.0;10.1.0-10.2.4;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '12.0.0;11.3.0-11.6.0;',\n 'unaffected', '12.1.0;12.0.0_HF3;' );\n\ncheck_f5['PSM'] = make_array( 'affected', '11.1.0-11.4.1;',\n 'unaffected', '11.0.0;10.1.0-10.2.4;' );\n\ncheck_f5['WAM'] = make_array( 'affected', '11.1.0-11.3.0;',\n 'unaffected', '11.0.0;10.1.0-10.2.4;' );\n\ncheck_f5['WOM'] = make_array( 'affected', '11.1.0-11.3.0;',\n 'unaffected', '11.0.0;10.1.0-10.2.4;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-12-09T00:00:00", "id": "OPENVAS:1361412562310871516", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310871516", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:2552-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:2552-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871516\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 11:45:43 +0100 (Wed, 09 Dec 2015)\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:2552-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\n the core of any Linux operating system.\n\n * It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n * On Intel Xeon v5 platforms, the processor frequency was always tied to\nthe highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency, and\nprocessor frequency values by determining the range and adjusting the\nminimal and maximal percent limit values. Now, switching p-states on the\naforementioned client platforms proceeds successfully. (BZ#1273926)\n\n * Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,\na VM became previously unresponsive when connected to Red Hat Enterprise\nVirtualization Hypervisor. The provided patch fixes this bug by dropping\nthe check in MMIO handler, and a VM continues running as expected.\n(BZ#1275150)\n\n * Due to retry-able command errors, the NVMe driver previously leaked I/O\ndescriptors and DMA mappings. As a consequence, the kernel could become\nunresponsive during the hot-unplug operation if a driver was removed.\nThis update fixes the driver memory leak bug on command retries, and the\nkernel no longer hangs in this situation. 
(BZ#1279792)\n\n * The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no longer\noccurs in this situation. (BZ#1279793)\n\n * When running PowerPC (PPC) KVM guests and the host was experiencing a lot\nof page faults, for example because it was running low on memory, the host\nsometimes triggered an incorrect kind of interrupt in the guest: a data\nstorage exception instead of a data segment exception. This caused a kernel\npanic of the PPC KVM guest. With this update, the host kernel synthesizes a\nsegment fault if the corresponding Segment Lookaside Buffer (SLB) lookup\nfails, which prevents the kernel panic from occurring. (BZ#1281423 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2552-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "The remote host is missing an update for 
the ", "modified": "2019-03-15T00:00:00", "published": "2015-11-22T00:00:00", "id": "OPENVAS:1361412562310806718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806718", "type": "openvas", "title": "Fedora Update for xen FEDORA-2015-668", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2015-668\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806718\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-22 06:49:27 +0100 (Sun, 22 Nov 2015)\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2015-668\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-668\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.5.2~2.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "Oracle Linux Local Security Checks ELSA-2015-3107", "modified": "2018-09-28T00:00:00", "published": "2015-12-11T00:00:00", "id": "OPENVAS:1361412562310122801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122801", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3107", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3107.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122801\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-11 08:40:13 +0200 (Fri, 11 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3107\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3107 - Unbreakable Enterprise kernel security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3107\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3107.html\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~118.2.2.el7uek~0.4.5~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~118.2.2.el6uek~0.4.5~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "Oracle Linux Local Security Checks ELSA-2015-2552", "modified": 
"2018-09-28T00:00:00", "published": "2015-12-09T00:00:00", "id": "OPENVAS:1361412562310122797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122797", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2552.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122797\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 06:54:00 +0200 (Wed, 09 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2552\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2552 - kernel security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2552\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2552.html\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-5156", "CVE-2015-8104"], "description": "Mageia Linux Local Security Checks mgasa-2015-0450", "modified": "2018-09-28T00:00:00", "published": "2015-11-23T00:00:00", "id": "OPENVAS:1361412562310131137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131137", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0450", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0450.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131137\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-23 07:46:11 +0200 (Mon, 23 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0450\");\n script_tag(name:\"insight\", value:\"This kernel update is based on upstream 4.1.13 longterm kernel and fixes various security issues.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0450.html\");\n script_cve_id(\"CVE-2015-5156\", \"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", 
\"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0450\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.1.13~2.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kernel-userspace-headers\", rpm:\"kernel-userspace-headers~4.1.13~2.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kmod-xtables-addons\", rpm:\"kmod-xtables-addons~2.7~6.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kmod-broadcom-wl\", rpm:\"kmod-broadcom-wl~6.30.223.271~3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kmod-fglrx\", rpm:\"kmod-fglrx~15.200.1046~7.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kmod-nvidia304\", rpm:\"kmod-nvidia304~304.128~3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kmod-nvidia340\", rpm:\"kmod-nvidia340~340.93~3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"kmod-nvidia-current\", rpm:\"kmod-nvidia-current~346.96~3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:54:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0592", "CVE-2015-5307", "CVE-2016-0495", 
"CVE-2015-8104"], "description": "Multiple vulnerabilities have\nbeen discovered in VirtualBox, an x86 virtualisation solution.\n\nUpstream support for the 4.1 release series has ended and since no\ninformation is available which would allow backports of isolated security\nfixes, security support for virtualbox in wheezy/oldstable needed to be\nended as well.\nIf you use virtualbox with externally procured VMs (e.g. through vagrant)\nwe advise you to update to Debian jessie.", "modified": "2017-07-07T00:00:00", "published": "2016-01-27T00:00:00", "id": "OPENVAS:703454", "href": "http://plugins.openvas.org/nasl.php?oid=703454", "type": "openvas", "title": "Debian Security Advisory DSA 3454-1 (virtualbox - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3454.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3454-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703454);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\", \"CVE-2016-0495\", \"CVE-2016-0592\");\n script_name(\"Debian Security Advisory DSA 3454-1 (virtualbox - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-01-27 00:00:00 +0100 (Wed, 27 Jan 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3454.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"virtualbox on Debian Linux\");\n script_tag(name: \"insight\", value: \"VirtualBox is a free x86 virtualization\nsolution allowing a wide range of x86 operating systems such as Windows, DOS, BSD\nor Linux to run on a Linux system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 4.3.36-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.0.14-dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 
5.0.14-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have\nbeen discovered in VirtualBox, an x86 virtualisation solution.\n\nUpstream support for the 4.1 release series has ended and since no\ninformation is available which would allow backports of isolated security\nfixes, security support for virtualbox in wheezy/oldstable needed to be\nended as well.\nIf you use virtualbox with externally procured VMs (e.g. through vagrant)\nwe advise you to update to Debian jessie.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"5.0.14-dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"4.3.36-dfsg-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0592", "CVE-2015-5307", "CVE-2016-0495", "CVE-2015-8104"], "description": "Multiple vulnerabilities have\nbeen discovered in VirtualBox, an x86 virtualisation solution.\n\nUpstream support for the 4.1 release series has ended and since no\ninformation is available which would allow backports of isolated security\nfixes, security support for virtualbox in wheezy/oldstable needed to be\nended as well.\nIf you use virtualbox with externally 
procured VMs (e.g. through vagrant)\nwe advise you to update to Debian jessie.", "modified": "2019-03-18T00:00:00", "published": "2016-01-27T00:00:00", "id": "OPENVAS:1361412562310703454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703454", "type": "openvas", "title": "Debian Security Advisory DSA 3454-1 (virtualbox - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3454.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3454-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703454\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\", \"CVE-2016-0495\", \"CVE-2016-0592\");\n script_name(\"Debian Security Advisory DSA 3454-1 (virtualbox - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-27 00:00:00 +0100 (Wed, 27 Jan 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3454.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"virtualbox on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 4.3.36-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.0.14-dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.0.14-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have\nbeen discovered 
in VirtualBox, an x86 virtualisation solution.\n\nUpstream support for the 4.1 release series has ended and since no\ninformation is available which would allow backports of isolated security\nfixes, security support for virtualbox in wheezy/oldstable needed to be\nended as well.\nIf you use virtualbox with externally procured VMs (e.g. through vagrant)\nwe advise you to update to Debian jessie.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"5.0.14-dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-dkms\", 
ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"4.3.36-dfsg-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9644", "CVE-2015-5307", "CVE-2015-7613", "CVE-2013-7421", "CVE-2015-8104"], "description": "Oracle Linux Local Security Checks ELSA-2016-3503", "modified": "2019-03-14T00:00:00", "published": "2016-01-11T00:00:00", "id": "OPENVAS:1361412562310122821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122821", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-3503", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-3503.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122821\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 11:11:57 +0200 (Mon, 11 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-3503\");\n script_tag(name:\"insight\", value:\"ELSA-2016-3503 - Unbreakable Enterprise kernel security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-3503\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-3503.html\");\n script_cve_id(\"CVE-2013-7421\", \"CVE-2014-9644\", \"CVE-2015-7613\", \"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.15.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.15.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.15.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.15.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.15.el5uek\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.15.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.15.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.15.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.15.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.15.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.15.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.15.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.15.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.15.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.15.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.15.el6uek\", rls:\"OracleLinux6\")) != 
NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.15.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.15.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.15.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.15.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-05-08T22:21:05", "bulletinFamily": "software", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-8104"], "description": "\nF5 Product Development has assigned ID 563154 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<https://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H567192 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP AAM | 12.0.0 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 | High | vCMP \nBIG-IP AFM | 12.0.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 | High | vCMP \nBIG-IP Analytics | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 | High | vCMP \nBIG-IP APM | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP ASM | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP DNS | 12.0.0 | 13.0.0 \n12.1.0 \n12.0.0 HF3 | High | vCMP \nBIG-IP Edge Gateway | 11.1.0 - 11.3.0 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP GTM | 11.1.0 - 11.6.1 | 11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP Link Controller | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP PEM | 12.0.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 | High | vCMP \nBIG-IP PSM | 11.1.0 - 11.4.1 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP WebAccelerator | 11.1.0 - 11.3.0 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP WOM | 11.1.0 - 
11.3.0 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-10-25T19:26:00", "published": "2016-01-13T21:55:00", "id": "F5:K31026324", "href": "https://support.f5.com/csp/article/K31026324", "title": "Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:53", "bulletinFamily": "software", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-8104"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-06-09T00:00:00", "published": "2016-01-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/31/sol31026324.html", "id": "SOL31026324", "title": "SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104", "type": "f5", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T06:21:30", "description": "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.", "edition": 7, "cvss3": {}, "published": "2015-11-16T11:59:00", "title": "CVE-2015-8104", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8104"], "modified": "2019-02-13T20:52:00", "id": "CVE-2015-8104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8104", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, 
{"lastseen": "2021-02-02T06:21:26", "description": "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.", "edition": 7, "cvss3": {}, "published": "2015-11-16T11:59:00", "title": "CVE-2015-5307", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5307"], "modified": "2019-02-12T19:04:00", "id": "CVE-2015-5307", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5307", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], 
"redhat": [{"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* When doing TSO/GSO in the presence of VLAN headers on a macvtap device,\nthe header offsets were incorrectly calculated. As a consequence, when 2\nguests on the same host communicated over a guest configured VLAN,\nperformance dropped to about 1 Mbps. A set of patches has been provided to\nfix this bug, and network performance with VLAN tags now works with optimal\nperformance. (BZ#1215914)\n\n* Prior to this update, TSO acceleration features have been removed from\nthe VLAN device which caused that VLAN performance on top of a virtio\ndevice was much lower than that of a virtio device itself. This update\nre-enables TSO acceleration features, and performance of VLAN devices on\ntop of a virtio device has thus been restored. (BZ#1240988)\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited Neighbor\nAdvertisement (UNA) was previously sent using the link global IPv6 address\nas source address. 
The underlying source code has been patched, and, after\nthe failover in bonding, UNA is sent using both the corresponding link IPv6\naddress and global IPv6 address of bond0 and bond0.vlan. (BZ#1258480)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops when\nthe end of the report was read. This update fixes this bug by padding the\nend of the report with extra bytes, so the reading of the report never\ncrosses a page boundary. As a result, a page fault and subsequent oops no\nlonger occur. (BZ#1268202)\n\n* Inside hugetlb, region data structures were protected by a combination of\na memory map semaphore and a single hugetlb instance mutex. However, a\npage-fault scalability improvement backported to the kernel on previous\nreleases removed the single hugetlb instance mutex and introduced a new\nmutex table, making the locking combination insufficient, leading to\npossible race windows that could cause corruption and undefined behavior.\nThe problem could be seen for example with software mapping or re-mapping\nhugetlb areas with concurrent threads reading/writing to same areas causing\npage faults. This update fixes the problem by introducing now a required\nspinlock to the region tracking functions for proper serialization. The\nproblem only affects software using huge pages through hugetlb interface.\n(BZ#1274597)\n\n* Previously, VLAN stacked on the macvlan or macvtap device did not work\nfor devices that implement and use VLAN filters. As a consequence, macvtap\npassthrough mode failed to transfer VLAN packets over the be2net driver.\nThis update implements VLAN ndo calls to the macvlan driver to pass\nappropriate VLAN tag IDs to lower devices. As a result, macvtap transfers\nVLAN packets over be2net successfully. (BZ#1280205)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n", "modified": "2016-09-04T02:18:36", "published": "2016-01-12T05:00:00", "id": "RHSA-2016:0024", "href": "https://access.redhat.com/errata/RHSA-2016:0024", "type": "redhat", "title": "(RHSA-2016:0024) Important: kernel security and bug fix update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited Neighbor\nAdvertisement (UNA) was previously sent using the link global IPv6 address\nas source address. The underlying source code has been patched, and, after\nthe failover in bonding, UNA is sent using both the corresponding link IPv6\naddress and global IPv6 address of bond0 and bond0.vlan. (BZ#1258479)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops when\nthe end of the report was read. This update fixes this bug by padding the\nend of the report with extra bytes, so the reading of the report never\ncrosses a page boundary. As a result, a page fault and subsequent oops no\nlonger occur. 
(BZ#1268201)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2016-09-04T02:14:23", "published": "2015-12-15T05:00:00", "id": "RHSA-2015:2645", "href": "https://access.redhat.com/errata/RHSA-2015:2645", "type": "redhat", "title": "(RHSA-2015:2645) Important: kernel security and bug fix update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied to\nthe highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency, and\nprocessor frequency values by determining the range and adjusting the\nminimal and maximal percent limit values. Now, switching p-states on the\naforementioned client platforms proceeds successfully. (BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,\na VM became previously unresponsive when connected to Red Hat Enterprise\nVirtualization Hypervisor. 
The provided patch fixes this bug by dropping\nthe check in MMIO handler, and a VM continues running as expected.\n(BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked I/O\ndescriptors and DMA mappings. As a consequence, the kernel could become\nunresponsive during the hot-unplug operation if a driver was removed.\nThis update fixes the driver memory leak bug on command retries, and the\nkernel no longer hangs in this situation. (BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no longer\noccurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing a lot\nof page faults, for example because it was running low on memory, the host\nsometimes triggered an incorrect kind of interrupt in the guest: a data\nstorage exception instead of a data segment exception. This caused a kernel\npanic of the PPC KVM guest. With this update, the host kernel synthesizes a\nsegment fault if the corresponding Segment Lookaside Buffer (SLB) lookup\nfails, which prevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process causing\nLogical Partitioning (LPAR) to become unresponsive, and an oops occurred in\nmedlp5. The backported upstream patch prevents an LPAR hang, and the oops\nno longer occurs. (BZ#1281424)\n\n* When the sctp module was loaded and a route to an association endpoint\nwas removed after receiving an Out-of-The-Blue (OOTB) chunk but before\nincrementing the \"dropped because of missing route\" SNMP statistic, a Null\nPointer Dereference kernel panic previously occurred. This update fixes the\nrace condition between OOTB response and route removal. 
(BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously failed due\nto a rounding bug in the intel-pstate driver. This bug has been fixed and\nthe cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-04-12T03:32:41", "published": "2015-12-08T15:11:52", "id": "RHSA-2015:2552", "href": "https://access.redhat.com/errata/RHSA-2015:2552", "type": "redhat", "title": "(RHSA-2015:2552) Important: kernel security and bug fix update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n", "modified": "2016-04-04T19:57:07", "published": "2016-01-19T05:00:00", "id": "RHSA-2016:0046", "href": "https://access.redhat.com/errata/RHSA-2016:0046", "type": "redhat", "title": "(RHSA-2016:0046) Important: kernel security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n", "modified": "2016-04-04T19:56:50", "published": "2016-01-07T05:00:00", "id": "RHSA-2016:0004", "href": "https://access.redhat.com/errata/RHSA-2016:0004", "type": "redhat", "title": "(RHSA-2016:0004) Important: kernel security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:27", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-7872", "CVE-2015-8104"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that the Linux kernel's keys subsystem did not correctly\ngarbage collect uninstantiated keyrings. 
A local attacker could use this\nflaw to crash the system or, potentially, escalate their privileges on\nthe system. (CVE-2015-7872, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* Previously, Human Interface Device (HID) ran a report on an unaligned\nbuffer, which could cause a page fault interrupt and an oops when the end\nof the report was read. This update fixes this bug by padding the end of\nthe report with extra bytes, so the reading of the report never crosses a\npage boundary. As a result, a page fault and subsequent oops no longer\noccur. (BZ#1268203)\n\n* The NFS client was previously failing to detect a directory loop for some\nNFS server directory structures. This failure could cause NFS inodes to\nremain referenced after attempting to unmount the file system, leading to a\nkernel crash. Loop checks have been added to VFS, which effectively\nprevents this problem from occurring. (BZ#1272858)\n\n* Due to a race whereby the nfs_wb_pages_cancel() and\nnfs_commit_release_pages() calls both removed a request from the nfs_inode\nstruct type, the kernel panicked with negative nfs_inode.npages count.\nThe provided upstream patch performs the required serialization by holding\nthe inode i_lock over the check of PagePrivate and locking the request,\nthus preventing the race and kernel panic from occurring. (BZ#1273721)\n\n* Due to incorrect URB_ISO_ASAP semantics, playing an audio file using a\nUSB sound card could previously fail for some hardware configurations.\nThis update fixes the bug, and playing audio from a USB sound card now\nworks as expected. (BZ#1273916)\n\n* Inside hugetlb, region data structures were protected by a combination of\na memory map semaphore and a single hugetlb instance mutex. 
However, a\npage-fault scalability improvement backported to the kernel on previous\nreleases removed the single hugetlb instance mutex and introduced a new\nmutex table, making the locking combination insufficient, leading to\npossible race windows that could cause corruption and undefined behavior.\nThis update fixes the problem by introducing a required spinlock to the\nregion tracking functions for proper serialization. The problem only\naffects software using huge pages through hugetlb interface. (BZ#1274599)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2018-06-06T20:24:33", "published": "2015-12-15T05:00:00", "id": "RHSA-2015:2636", "href": "https://access.redhat.com/errata/RHSA-2015:2636", "type": "redhat", "title": "(RHSA-2015:2636) Important: kernel security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "\nThe Xen Project reports:\n\nA malicious HVM guest administrator can cause a denial of service.\n\t Specifically, prevent use of a physical CPU for a significant,\n\t perhaps indefinite period. If a host watchdog (Xen or dom0) is in\n\t use, this can lead to a watchdog timeout and consequently a reboot\n\t of the host. 
If another, innocent, guest, is configured with a\n\t watchdog, this issue can lead to a reboot of such a guest.\n\n", "edition": 4, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "2CABFBAB-8BFB-11E5-BD18-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/2cabfbab-8bfb-11e5-bd18-002590263bf5.html", "title": "xen-kernel -- CPU lockup during exception delivery", "type": "freebsd", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2552\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied to\nthe highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency, and\nprocessor frequency values by determining the range and adjusting the\nminimal and maximal percent limit values. Now, switching p-states on the\naforementioned client platforms proceeds successfully. 
(BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,\na VM became previously unresponsive when connected to Red Hat Enterprise\nVirtualization Hypervisor. The provided patch fixes this bug by dropping\nthe check in MMIO handler, and a VM continues running as expected.\n(BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked I/O\ndescriptors and DMA mappings. As a consequence, the kernel could become\nunresponsive during the hot-unplug operation if a driver was removed.\nThis update fixes the driver memory leak bug on command retries, and the\nkernel no longer hangs in this situation. (BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no longer\noccurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing a lot\nof page faults, for example because it was running low on memory, the host\nsometimes triggered an incorrect kind of interrupt in the guest: a data\nstorage exception instead of a data segment exception. This caused a kernel\npanic of the PPC KVM guest. With this update, the host kernel synthesizes a\nsegment fault if the corresponding Segment Lookaside Buffer (SLB) lookup\nfails, which prevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process causing\nLogical Partitioning (LPAR) to become unresponsive, and an oops occurred in\nmedlp5. The backported upstream patch prevents an LPAR hang, and the oops\nno longer occurs. 
(BZ#1281424)\n\n* When the sctp module was loaded and a route to an association endpoint\nwas removed after receiving an Out-of-The-Blue (OOTB) chunk but before\nincrementing the \"dropped because of missing route\" SNMP statistic, a Null\nPointer Dereference kernel panic previously occurred. This update fixes the\nrace condition between OOTB response and route removal. (BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously failed due\nto a rounding bug in the intel-pstate driver. This bug has been fixed and\nthe cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-December/008932.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2552.html", "edition": 3, "modified": "2015-12-09T19:18:47", "published": "2015-12-09T19:18:47", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-December/008932.html", "id": "CESA-2015:2552", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:25:39", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2636\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and 
the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that the Linux kernel's keys subsystem did not correctly\ngarbage collect uninstantiated keyrings. A local attacker could use this\nflaw to crash the system or, potentially, escalate their privileges on\nthe system. (CVE-2015-7872, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* Previously, Human Interface Device (HID) ran a report on an unaligned\nbuffer, which could cause a page fault interrupt and an oops when the end\nof the report was read. This update fixes this bug by padding the end of\nthe report with extra bytes, so the reading of the report never crosses a\npage boundary. As a result, a page fault and subsequent oops no longer\noccur. (BZ#1268203)\n\n* The NFS client was previously failing to detect a directory loop for some\nNFS server directory structures. 
This failure could cause NFS inodes to\nremain referenced after attempting to unmount the file system, leading to a\nkernel crash. Loop checks have been added to VFS, which effectively\nprevents this problem from occurring. (BZ#1272858)\n\n* Due to a race whereby the nfs_wb_pages_cancel() and\nnfs_commit_release_pages() calls both removed a request from the nfs_inode\nstruct type, the kernel panicked with negative nfs_inode.npages count.\nThe provided upstream patch performs the required serialization by holding\nthe inode i_lock over the check of PagePrivate and locking the request,\nthus preventing the race and kernel panic from occurring. (BZ#1273721)\n\n* Due to incorrect URB_ISO_ASAP semantics, playing an audio file using a\nUSB sound card could previously fail for some hardware configurations.\nThis update fixes the bug, and playing audio from a USB sound card now\nworks as expected. (BZ#1273916)\n\n* Inside hugetlb, region data structures were protected by a combination of\na memory map semaphore and a single hugetlb instance mutex. However, a\npage-fault scalability improvement backported to the kernel on previous\nreleases removed the single hugetlb instance mutex and introduced a new\nmutex table, making the locking combination insufficient, leading to\npossible race windows that could cause corruption and undefined behavior.\nThis update fixes the problem by introducing a required spinlock to the\nregion tracking functions for proper serialization. The problem only\naffects software using huge pages through hugetlb interface. (BZ#1274599)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-December/033579.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2636.html", "edition": 3, "modified": "2015-12-16T00:07:51", "published": "2015-12-16T00:07:51", "href": "http://lists.centos.org/pipermail/centos-announce/2015-December/033579.html", "id": "CESA-2015:2636", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:50", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "kernel-uek\n[3.8.13-118.2.2]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n- KVM: x86: Defining missing x86 vectors (Nadav Amit) [Orabug: 22333689]", "edition": 4, "modified": "2015-12-10T00:00:00", "published": "2015-12-10T00:00:00", "id": "ELSA-2015-3107", "href": "http://linux.oracle.com/errata/ELSA-2015-3107.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "[3.10.0-327.3.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-327.3.1]\n- rebuild\n[3.10.0-327.2.1]\n- [netdrv] macvtap: unbreak receiving of gro skb with frag list (Jason Wang) [1279794 1273737]\n- [net] ipv6: drop frames with attached skb->sk in forwarding (Hannes Frederic Sowa) [1281701 
1243966]\n- [net] ipv6: ip6_forward: perform skb->pkt_type check at the beginning (Hannes Frederic Sowa) [1281701 1243966]\n- [net] sctp: Fix race between OOTB responce and route removal (Jamie Bainbridge) [1281426 1277309]\n- [x86] mm: fix VM_FAULT_RETRY handling (Andrea Arcangeli) [1281427 1277226]\n- [x86] mm: consolidate VM_FAULT_RETRY handling (Andrea Arcangeli) [1281427 1277226]\n- [x86] mm: move mmap_sem unlock from mm_fault_error() to caller (Andrea Arcangeli) [1281427 1277226]\n- [mm] let mm_find_pmd fix buggy race with THP fault (Larry Woodman) [1281424 1273993]\n- [mm] ksm: unstable_tree_search_insert error checking cleanup (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: use find_mergeable_vma in try_to_merge_with_ksm_page (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: use the helper method to do the hlist_empty check (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: don't fail stable tree lookups if walking over stale stable_nodes (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: add cond_resched() to the rmap_walks (Andrea Arcangeli) [1281422 1274871]\n- [powerpc] kvm: book3s_hv: Synthesize segment fault if SLB lookup fails (Thomas Huth) [1281423 1269467]\n- [powerpc] kvm: book3s_hv: Create debugfs file for each guest's HPT (David Gibson) [1281420 1273692]\n- [powerpc] kvm: book3s_hv: Add helpers for lock/unlock hpte (David Gibson) [1281420 1273692]\n- [powerpc] pci: initialize hybrid_dma_data before use (Laurent Vivier) [1279793 1270717]\n- [md] raid10: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1279796 1267652]\n- [md] raid1: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1279796 1267652]\n- [md] raid10: submit_bio_wait() returns 0 on success (Jes Sorensen) [1279796 1267652]\n- [md] raid1: submit_bio_wait() returns 0 on success (Jes Sorensen) [1279796 1267652]\n- [md] crash in md-raid1 and md-raid10 due to incorrect list manipulation (Jes Sorensen) [1279796 1267652]\n- [md] raid10: ensure 
device failure recorded before write request returns (Jes Sorensen) [1279796 1267652]\n- [md] raid1: ensure device failure recorded before write request returns (Jes Sorensen) [1279796 1267652]\n- [block] nvme: Fix memory leak on retried commands (David Milburn) [1279792 1271860]\n- [cpufreq] intel_pstate: fix rounding error in max_freq_pct (Prarit Bhargava) [1281491 1263866]\n- [cpufreq] intel_pstate: fix PCT_TO_HWP macro (Prarit Bhargava) [1273926 1264990]\n- [cpufreq] revert 'intel_pstate: add quirk to disable HWP on Skylake-S processors' (Prarit Bhargava) [1273926 1264990]\n- [cpufreq] revert 'intel_pstate: disable Skylake processors' (Prarit Bhargava) [1273926 1264990]\n- [x86] kvm: svm: unconditionally intercept #DB (Paolo Bonzini) [1279469 1279470] {CVE-2015-8104}\n- [x86] virt: guest to host DoS by triggering an infinite loop in microcode (Paolo Bonzini) [1277560 1277561] {CVE-2015-5307}\n[3.10.0-327.1.1]\n- [x86] kvm: mmu: fix validation of mmio page fault (Bandan Das) [1275150 1267128]", "edition": 4, "modified": "2015-12-08T00:00:00", "published": "2015-12-08T00:00:00", "id": "ELSA-2015-2552", "href": "http://linux.oracle.com/errata/ELSA-2015-2552.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "description": "[2.6.32-573.12.1]\n- Revert: [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551]\n[2.6.32-573.11.1]\n- [kvm] svm: unconditionally intercept DB (Paolo Bonzini) [1279467 1279468] {CVE-2015-8104}\n- [x86] virt: guest to host DoS by triggering an infinite loop in microcode (Paolo Bonzini) [1277557 1277559] {CVE-2015-5307}\n[2.6.32-573.10.1]\n- [sound] Fix USB audio issues (wrong URB_ISO_ASAP semantics) (Jaroslav Kysela) [1273916 1255071]\n- [security] keys: Don't permit 
request_key() to construct a new keyring (David Howells) [1275927 1273463] {CVE-2015-7872}\n- [security] keys: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [1275927 1273463] {CVE-2015-7872}\n- [security] keys: Fix race between key destruction and finding a keyring by name (David Howells) [1275927 1273463] {CVE-2015-7872}\n- [ipc] Initialize msg/shm IPC objects before doing ipc_addid() (Stanislav Kozina) [1271504 1271505] {CVE-2015-7613}\n- [fs] vfs: Test for and handle paths that are unreachable from their mnt_root (Eric W. Biederman) [1209368 1209369] {CVE-2015-2925}\n- [fs] dcache: Handle escaped paths in prepend_path (Eric W. Biederman) [1209368 1209369] {CVE-2015-2925}\n- [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551]\n- [hid] fix unused rsize usage (Don Zickus) [1268203 1256568]\n- [hid] fix data access in implement() (Don Zickus) [1268203 1256568]\n- [fs] NFS: Hold i_lock in nfs_wb_page_cancel() while locking a request (Benjamin Coddington) [1273721 1135601]\n[2.6.32-573.9.1]\n- [mm] hugetlb: fix race in region tracking (Herton R. Krzesinski) [1274599 1260755]\n- [mm] hugetlb: improve, cleanup resv_map parameters (Herton R. Krzesinski) [1274599 1260755]\n- [mm] hugetlb: unify region structure handling (Herton R. Krzesinski) [1274599 1260755]\n- [mm] hugetlb: change variable name reservations to resv (Herton R. 
Krzesinski) [1274599 1260755]\n- [fs] dcache: Log ELOOP rather than creating a loop (Benjamin Coddington) [1272858 1254020]\n- [fs] dcache: Fix loop checks in d_materialise_unique (Benjamin Coddington) [1272858 1254020]", "edition": 4, "modified": "2015-12-15T00:00:00", "published": "2015-12-15T00:00:00", "id": "ELSA-2015-2636", "href": "http://linux.oracle.com/errata/ELSA-2015-2636.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2015-5307", "CVE-2015-7613", "CVE-2013-7421", "CVE-2015-8104"], "description": "kernel-uek\n[2.6.32-400.37.15uek]\n- ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250043] {CVE-2015-7613}\n- Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250043] {CVE-2015-7613}\n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644}\n[2.6.32-400.37.14uek]\n- KVM: add arg to ac_interception() missing from 'KVM: x86: work around infinite loop in microcode when #AC is delivered' (Chuck Anderson) [Orabug: 22336493] {CVE-2015-5307}\n[2.6.32-400.37.13uek]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22336518] {CVE-2015-8104} {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22336493] {CVE-2015-5307} {CVE-2015-5307}", "edition": 4, "modified": "2016-01-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "ELSA-2016-3503", "href": "http://linux.oracle.com/errata/ELSA-2016-3503.html", "title": "Unbreakable Enterprise kernel 
security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2010-5313", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2013-7421", "CVE-2014-7842", "CVE-2015-8104"], "description": "[2.6.39-400.264.13]\n- KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872}\n[2.6.39-400.264.12]\n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n[2.6.39-400.264.11]\n- KVM: x86: Don't report guest userspace emulation error to userspace (Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842}\n[2.6.39-400.264.9]\n- msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC objects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] {CVE-2015-7613} {CVE-2015-7613}\n[2.6.39-400.264.8]\n- ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613}\n- Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250044] {CVE-2015-7613}\n[2.6.39-400.264.7]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n[2.6.39-400.264.6]\n- mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) \n- IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang) \n- IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug: 21861366] \n- IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri 
Kosina) \n- IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz) \n- IB: Return error for unsupported QP creation flags (Or Gerlitz) \n- IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175]", "edition": 4, "modified": "2016-01-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "ELSA-2016-3502", "href": "http://linux.oracle.com/errata/ELSA-2016-3502.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2016-09-04T11:24:07", "bulletinFamily": "software", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "#### ISSUE DESCRIPTION\nWhen a benign exception occurs while delivering another benign exception, it is architecturally specified that these would be delivered sequentially. There are, however, cases where this results in an infinite loop inside the CPU, which (in the virtualized case) can be broken only by intercepting delivery of the respective exception.\nArchitecturally, at least some of these cases should also be resolvable by an arriving NMI or external interrupt, but empirically this has been determined to not be the case.\nThe cases affecting Xen are:\n#AC (Alignment Check Exception, CVE-2015-5307): When a 32-bit guest sets up the IDT entry corresponding to this exception to reference a ring-3 handler, and when ring 3 code triggers the exception while running with an unaligned stack pointer, delivering the exception will re-encounter #AC, ending in an infinite loop.\n#DB (Debug Exception, CVE-2015-8104): When a guest sets up a hardware breakpoint covering a data structure involved in delivering #DB, upon completion of the delivery of the first exception another #DB will need to be delivered. 
The effects slightly differ depending on further guest characteristics:\n- Guests running in 32-bit mode would be expected to sooner or later encounter another fault due to the stack pointer decreasing during each iteration of the loop. The most likely case would be #PF (Page Fault) due to running into unmapped virtual space. However, an infinite loop cannot be excluded (e.g. when the guest is running with paging disabled).\n- Guests running in long mode, but not using the IST (Interrupt Stack Table) feature for the IDT entry corresponding to #DB would behave similarly to guests running in 32-bit mode, just that the larger virtual address space allows for a much longer loop. The loop can't, however, be infinite, as eventually the stack pointer would move into non-canonical address space, causing #SS (Stack Fault) instead.\n- Guests running in long mode and using IST for the IDT entry corresponding to #DB would enter an infinite loop, as the stack pointer wouldn't change between #DB instances.\n#### IMPACT\nA malicious HVM guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant, perhaps indefinite period.\nIf a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host. If another, innocent, guest, is configured with a watchdog, this issue can lead to a reboot of such a guest.\nIt is possible that a guest kernel might expose the #AC vulnerability to malicious unprivileged guest users (by permitting #AC to be handled in guest user mode). However, we believe that almost all ordinary operating system kernels do not permit this; we are not aware of any exceptions. (A guest kernel which exposed the #AC vulnerability to guest userspace would be vulnerable when running on baremetal, without Xen involved.)\n#### VULNERABLE SYSTEMS\nThe vulnerability is exposed to any x86 HVM guest.\nARM is not vulnerable. 
x86 PV VMs are not vulnerable.\nAll versions of Xen are affected.\nx86 CPUs from all manufacturers are affected.\n", "edition": 1, "modified": "2015-11-10T00:07:00", "published": "2015-11-10T00:01:00", "id": "XSA-156", "href": "http://xenbits.xen.org/xsa/advisory-156.html", "title": "x86: CPU lockup during exception delivery", "type": "xen", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2015-11-21T16:55:05", "published": "2015-11-21T16:55:05", "id": "FEDORA:8A5146071240", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: xen-4.5.2-2.fc22", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2015-11-23T00:30:31", "published": "2015-11-23T00:30:31", "id": "FEDORA:3ED73605E19A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: xen-4.5.2-2.fc23", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2015-11-20T23:26:59", "published": "2015-11-20T23:26:59", "id": "FEDORA:0A3A560481D7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: xen-4.4.3-8.fc21", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": 
"2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-7799", "CVE-2015-7990", "CVE-2015-8104"], "description": "The kernel meta package ", "modified": "2015-11-19T12:24:24", "published": "2015-11-19T12:24:24", "id": "FEDORA:52C43604E44B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.2.6-200.fc22", "cvss": {"score": 5.9, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-7799", "CVE-2015-7990", "CVE-2015-8104"], "description": "The kernel meta package ", "modified": "2015-11-20T23:26:41", "published": "2015-11-20T23:26:41", "id": "FEDORA:E328560486E4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-4.1.13-100.fc21", "cvss": {"score": 5.9, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307", "CVE-2015-7799", "CVE-2015-7990", "CVE-2015-8104"], "description": "The kernel meta package ", "modified": "2015-11-19T10:05:31", "published": "2015-11-19T10:05:31", "id": "FEDORA:581F9608B7DF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.2.6-300.fc23", "cvss": {"score": 5.9, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C"}}], "nessus": [{"lastseen": "2021-02-01T05:32:44", "description": "Updated kernel packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.5 Advanced Update\nSupport.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited\nNeighbor Advertisement (UNA) was previously sent using the link global\nIPv6 address as source address. The underlying source code has been\npatched, and, after the failover in bonding, UNA is sent using both\nthe corresponding link IPv6 address and global IPv6 address of bond0\nand bond0.vlan. (BZ#1258479)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops\nwhen the end of the report was read. This update fixes this bug by\npadding the end of the report with extra bytes, so the reading of the\nreport never crosses a page boundary. As a result, a page fault and\nsubsequent oops no longer occur. (BZ#1268201)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.", "edition": 27, "published": "2015-12-16T00:00:00", "title": "RHEL 6 : kernel (RHSA-2015:2645)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2015-2645.NASL", "href": "https://www.tenable.com/plugins/nessus/87399", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2645. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87399);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_xref(name:\"RHSA\", value:\"2015:2645\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2015:2645)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and two bugs are\nnow available for Red Hat Enterprise Linux 6.5 Advanced Update\nSupport.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited\nNeighbor Advertisement (UNA) was previously sent using the link global\nIPv6 address as source address. 
The underlying source code has been\npatched, and, after the failover in bonding, UNA is sent using both\nthe corresponding link IPv6 address and global IPv6 address of bond0\nand bond0.vlan. (BZ#1258479)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops\nwhen the end of the report was read. This update fixes this bug by\npadding the end of the report with extra bytes, so the reading of the\nreport never crosses a page boundary. As a result, a page fault and\nsubsequent oops no longer occur. (BZ#1268201)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8104\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-5307\", \"CVE-2015-8104\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:2645\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2645\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected 
by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-abi-whitelists-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-doc-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-firmware-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-431.68.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-431.68.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T13:23:41", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - KVM: svm: unconditionally intercept #DB (Paolo Bonzini)\n [Orabug: 22333698] (CVE-2015-8104)\n\n - KVM: x86: work around infinite loop in microcode when\n #AC is delivered (Eric Northup) [Orabug: 22333689]\n (CVE-2015-5307) (CVE-2015-5307)\n\n - KVM: x86: Defining missing x86 vectors (Nadav Amit)\n [Orabug: 22333689]", "edition": 26, "published": "2015-12-14T00:00:00", "title": "OracleVM 3.3 : kernel-uek (OVMSA-2015-0154)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2015-12-14T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2015-0154.NASL", "href": "https://www.tenable.com/plugins/nessus/87333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0154.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87333);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n\n script_name(english:\"OracleVM 3.3 : kernel-uek (OVMSA-2015-0154)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n 
);\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - KVM: svm: unconditionally intercept #DB (Paolo Bonzini)\n [Orabug: 22333698] (CVE-2015-8104)\n\n - KVM: x86: work around infinite loop in microcode when\n #AC is delivered (Eric Northup) [Orabug: 22333689]\n (CVE-2015-5307) (CVE-2015-5307)\n\n - KVM: x86: Defining missing x86 vectors (Nadav Amit)\n [Orabug: 22333689]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-December/000402.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a85ade0c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.2.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.2.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T06:14:39", "description": "The remote Windows host is affected by multiple denial of service\nvulnerabilities that can be triggered with certain central processing\nunit (CPU) chipsets. 
A local attacker with kernel-mode privileges on a\nHyper-V guest can exploit this to cause all Hyper-V guests to become\nunresponsive.", "edition": 27, "published": "2015-11-10T00:00:00", "title": "MS KB3108638: Update for Windows Hyper-V to Address CPU Weakness", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_KB3108638.NASL", "href": "https://www.tenable.com/plugins/nessus/86818", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86818);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_xref(name:\"IAVB\", value:\"2015-B-0136\");\n script_xref(name:\"MSKB\", value:\"3108638\");\n script_xref(name:\"MSKB\", value:\"3105213\");\n script_xref(name:\"MSKB\", value:\"3108604\");\n\n script_name(english:\"MS KB3108638: Update for Windows Hyper-V to Address CPU Weakness\");\n script_summary(english:\"Checks the version of hvax64.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple denial of service\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by multiple denial of service\nvulnerabilities that can be triggered with certain central processing\nunit (CPU) chipsets. 
A local attacker with kernel-mode privileges on a\nHyper-V guest can exploit this to cause all Hyper-V guests to become\nunresponsive.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3108638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3108638/microsoft-security-advisory-update-to-hyper-v-to-address-cpu-weakness\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3108604/microsoft-security-advisory-description-of-the-security-update-for-win\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3105213/cumulative-update-for-windows-10-november-10-2015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2008, 2008 R2, 8,\n2012, 8.1, 2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", 
\"wmi_enum_server_features.nbin\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nkbs = make_list(\n '3105213', # Windows 10\n '3108604' # All other versions of Windows\n);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# only 64-bit OSes are affected. the advisory doesn't explicitly say the 64-bit editions of Server 2012 and\n# Server 2012 R2 are affected, but that's only because there are no 32-bit versions of those OSes\narch = get_kb_item_or_exit(\"SMB/ARCH\", exit_code:1);\nif (arch != \"x64\") audit(AUDIT_ARCH_NOT, \"x64\", arch);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# (Hyper-V ID = 20)\nif (!get_kb_item('WMI/server_feature/20'))\n{\n # could not determine if Hyper-V was enabled via wmi, so now check with registry\n # This is the key for the version of the integration services installer files,\n # which are only on the Hyper-V host.\n # Connect to remote registry.\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n hyperv_reg = get_registry_value(handle:hklm, item:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Virtualization\\GuestInstaller\\Version\\Microsoft-Hyper-V-Guest-Installer\");\n RegCloseKey(handle:hklm);\n close_registry(close:FALSE);\n\n if (!hyperv_reg)\n {\n NetUseDel();\n exit(0, \"Systems without the Hyper-V role enabled are not affected by the 
vulnerability.\");\n }\n}\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", file:\"Hvax64.exe\", version:\"10.0.10240.16590\", dir:\"\\system32\", kb:\"3105213\") ||\n\n # Windows 8.1 / 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", file:\"Hvax64.exe\", version:\"6.3.9600.18114\", dir:\"\\system32\", kb:\"3108604\") ||\n\n # Windows 8 / 2012\n hotfix_is_vulnerable(os:\"6.2\", file:\"Hvax64.exe\", version:\"6.2.9200.21679\", min_version:\"6.2.9200.21000\", dir:\"\\system32\", kb:\"3108604\") ||\n hotfix_is_vulnerable(os:\"6.2\", file:\"Hvax64.exe\", version:\"6.2.9200.17562\", dir:\"\\system32\", kb:\"3108604\") ||\n\n # Windows Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Hvax64.exe\", version:\"6.1.7601.23257\", min_version:\"6.1.7601.23000\", dir:\"\\system32\", kb:\"3108604\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Hvax64.exe\", version:\"6.1.7601.19052\", dir:\"\\system32\", kb:\"3108604\") ||\n\n # Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Hvax64.exe\", version:\"6.0.6002.23844\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", kb:\"3108604\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Hvax64.exe\", version:\"6.0.6002.19534\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", kb:\"3108604\")\n)\n{\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:13:55", "description": "x86: CPU lockup during exception delivery [XSA-156, CVE-2015-5307,\nCVE-2015-8104]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 21 : xen-4.4.3-8.fc21 (2015-f150b2a8c8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2016-03-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2015-F150B2A8C8.NASL", "href": "https://www.tenable.com/plugins/nessus/89457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-f150b2a8c8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89457);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_xref(name:\"FEDORA\", value:\"2015-f150b2a8c8\");\n\n script_name(english:\"Fedora 21 : xen-4.4.3-8.fc21 (2015-f150b2a8c8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"x86: CPU lockup during exception delivery [XSA-156, CVE-2015-5307,\nCVE-2015-8104]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1278496\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15906138\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"xen-4.4.3-8.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T01:38:15", "description": "The version of Citrix XenServer running on the remote host is affected\nby multiple denial of service vulnerabilities :\n\n - An infinite loop condition exists in the KVM subsystem\n that is triggered when handling a stream of #AC\n (Alignment Check) exceptions. A local attacker within a\n virtualized guest can exploit this to cause a host OS\n panic or hang, resulting in a denial of service\n condition. (CVE-2015-5307)\n\n - An infinite loop condition exists in the KVM subsystem\n that is triggered when handling a stream of #DB (Debug)\n exceptions. 
A local attacker within a virtualized guest\n can exploit this to cause a host OS panic or hang,\n resulting in a denial of service condition.\n (CVE-2015-8104)", "edition": 28, "cvss3": {"score": 6.8, "vector": "AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2015-11-23T00:00:00", "title": "Citrix XenServer Multiple Infinite Loop Guest-to-Host DoS (CTX202583)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX202583.NASL", "href": "https://www.tenable.com/plugins/nessus/87012", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87012);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_bugtraq_id(77524, 77528);\n\n script_name(english:\"Citrix XenServer Multiple Infinite Loop Guest-to-Host DoS (CTX202583)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple denial of service\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer running on the remote host is affected\nby multiple denial of service vulnerabilities :\n\n - An infinite loop condition exists in the KVM subsystem\n that is triggered when handling a stream of #AC\n (Alignment Check) exceptions. A local attacker within a\n virtualized guest can exploit this to cause a host OS\n panic or hang, resulting in a denial of service\n condition. (CVE-2015-5307)\n\n - An infinite loop condition exists in the KVM subsystem\n that is triggered when handling a stream of #DB (Debug)\n exceptions. 
A local attacker within a virtualized guest\n can exploit this to cause a host OS panic or hang,\n resulting in a denial of service condition.\n (CVE-2015-8104)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX202583\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5307\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\n\n# We will do our checks within the branches since there can be SP releases\n# special treatment.\nif (version == \"6.0.0\")\n{\n fix = \"XS60E053\";\n if (\"XS60E053\" >!< patches) vuln = TRUE;\n}\nelse if (version == \"6.0.2\")\n{\n fix = \"XS602E048 or XS602ECC024\";\n if (\"XS602E048\" >!< patches && \"XS602ECC024\" >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^6\\.1\\.\")\n{\n fix = \"XS61E060\";\n if (\"XS61E060\" >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^6\\.2\\.\")\n{\n fix = \"XS62ESP1034\";\n if (\"XS62ESP1034\" >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^6\\.5\\.\")\n{\n fix = \"XS65ESP1016 or XS65E017\";\n if (\"XS65ESP1016\" >!< patches && \"XS65E017\" >!< patches) vuln = TRUE;\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report =\n '\\n Installed version : ' + version +\n '\\n Missing hotfix : ' + fix +\n '\\n';\n\n security_report_v4(severity:SECURITY_WARNING, extra:report, port:port);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:30:26", "description": "Updated kernel packages that fix two security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied\nto the highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency,\nand processor frequency values by determining the range and adjusting\nthe minimal and maximal percent limit values. Now, switching p-states\non the aforementioned client platforms proceeds successfully.\n(BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO)\ntracing, a VM became previously unresponsive when connected to Red Hat\nEnterprise Virtualization Hypervisor. The provided patch fixes this\nbug by dropping the check in MMIO handler, and a VM continues running\nas expected. (BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked\nI/O descriptors and DMA mappings. As a consequence, the kernel could\nbecome unresponsive during the hot-unplug operation if a driver was\nremoved. 
This update fixes the driver memory leak bug on command\nretries, and the kernel no longer hangs in this situation.\n(BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no\nlonger occurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing\na lot of page faults, for example because it was running low on\nmemory, the host sometimes triggered an incorrect kind of interrupt in\nthe guest: a data storage exception instead of a data segment\nexception. This caused a kernel panic of the PPC KVM guest. With this\nupdate, the host kernel synthesizes a segment fault if the\ncorresponding Segment Lookaside Buffer (SLB) lookup fails, which\nprevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process\ncausing Logical Partitioning (LPAR) to become unresponsive, and an\noops occurred in medlp5. The backported upstream patch prevents an\nLPAR hang, and the oops no longer occurs. (BZ#1281424)\n\n* When the sctp module was loaded and a route to an association\nendpoint was removed after receiving an Out-of-The-Blue (OOTB) chunk\nbut before incrementing the 'dropped because of missing route' SNMP\nstatistic, a Null Pointer Dereference kernel panic previously\noccurred. This update fixes the race condition between OOTB response\nand route removal. (BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously\nfailed due to a rounding bug in the intel-pstate driver. This bug has\nbeen fixed and the cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.", "edition": 28, "published": "2015-12-10T00:00:00", "title": "CentOS 7 : kernel (CESA-2015:2552)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2015-12-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "p-cpe:/a:centos:centos:kernel-doc", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2015-2552.NASL", "href": "https://www.tenable.com/plugins/nessus/87281", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2552 and \n# CentOS Errata and Security Advisory 2015:2552 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87281);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_xref(name:\"RHSA\", value:\"2015:2552\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2015:2552)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n7.\n\nRed Hat 
Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied\nto the highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency,\nand processor frequency values by determining the range and adjusting\nthe minimal and maximal percent limit values. Now, switching p-states\non the aforementioned client platforms proceeds successfully.\n(BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO)\ntracing, a VM became previously unresponsive when connected to Red Hat\nEnterprise Virtualization Hypervisor. The provided patch fixes this\nbug by dropping the check in MMIO handler, and a VM continues running\nas expected. (BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked\nI/O descriptors and DMA mappings. As a consequence, the kernel could\nbecome unresponsive during the hot-unplug operation if a driver was\nremoved. 
This update fixes the driver memory leak bug on command\nretries, and the kernel no longer hangs in this situation.\n(BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no\nlonger occurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing\na lot of page faults, for example because it was running low on\nmemory, the host sometimes triggered an incorrect kind of interrupt in\nthe guest: a data storage exception instead of a data segment\nexception. This caused a kernel panic of the PPC KVM guest. With this\nupdate, the host kernel synthesizes a segment fault if the\ncorresponding Segment Lookaside Buffer (SLB) lookup fails, which\nprevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process\ncausing Logical Partitioning (LPAR) to become unresponsive, and an\noops occurred in medlp5. The backported upstream patch prevents an\nLPAR hang, and the oops no longer occurs. (BZ#1281424)\n\n* When the sctp module was loaded and a route to an association\nendpoint was removed after receiving an Out-of-The-Blue (OOTB) chunk\nbut before incrementing the 'dropped because of missing route' SNMP\nstatistic, a Null Pointer Dereference kernel panic previously\noccurred. This update fixes the race condition between OOTB response\nand route removal. (BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously\nfailed due to a rounding bug in the intel-pstate driver. This bug has\nbeen fixed and the cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-December/002732.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ad1b9b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5307\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-327.3.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-327.3.1.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 
'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:50:30", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-118.2.2.el7uek]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: \n22333698] {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered \n(Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n- KVM: x86: Defining missing x86 vectors (Nadav Amit) [Orabug: 22333689]", "edition": 23, "published": "2015-12-14T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3107)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2015-12-14T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.2.2.el7uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.2.2.el6uek", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3107.NASL", "href": "https://www.tenable.com/plugins/nessus/87332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2015-3107.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87332);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-118.2.2.el7uek]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: \n22333698] {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered \n(Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n- KVM: x86: Defining missing x86 vectors (Nadav Amit) [Orabug: 22333689]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-December/005620.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-December/005621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.2.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.2.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-5307\", \"CVE-2015-8104\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3107\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.2.2.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", 
reference:\"kernel-uek-devel-3.8.13-118.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.2.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.2.2.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.2.2.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.2.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.2.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:13:31", 
"description": "x86: CPU lockup during exception delivery [XSA-156, CVE-2015-5307,\nCVE-2015-8104] ---- update to 4.5.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : xen-4.5.2-2.fc23 (2015-394835a3f6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-394835A3F6.NASL", "href": "https://www.tenable.com/plugins/nessus/89212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-394835a3f6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89212);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_xref(name:\"FEDORA\", value:\"2015-394835a3f6\");\n\n script_name(english:\"Fedora 23 : xen-4.5.2-2.fc23 (2015-394835a3f6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"x86: CPU lockup during exception delivery [XSA-156, CVE-2015-5307,\nCVE-2015-8104] ---- update to 4.5.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1278496\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?092937d2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"xen-4.5.2-2.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T05:32:47", "description": "Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.6 Extended Update\nSupport.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. 
for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* When doing TSO/GSO in the presence of VLAN headers on a macvtap\ndevice, the header offsets were incorrectly calculated. As a\nconsequence, when 2 guests on the same host communicated over a guest\nconfigured VLAN, performance dropped to about 1 Mbps. A set of patches\nhas been provided to fix this bug, and network performance with VLAN\ntags now works with optimal performance. (BZ#1215914)\n\n* Prior to this update, TSO acceleration features have been removed\nfrom the VLAN device which caused that VLAN performance on top of a\nvirtio device was much lower than that of a virtio device itself. This\nupdate re-enables TSO acceleration features, and performance of VLAN\ndevices on top of a virtio device has thus been restored. (BZ#1240988)\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited\nNeighbor Advertisement (UNA) was previously sent using the link global\nIPv6 address as source address. The underlying source code has been\npatched, and, after the failover in bonding, UNA is sent using both\nthe corresponding link IPv6 address and global IPv6 address of bond0\nand bond0.vlan. (BZ#1258480)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops\nwhen the end of the report was read. This update fixes this bug by\npadding the end of the report with extra bytes, so the reading of the\nreport never crosses a page boundary. As a result, a page fault and\nsubsequent oops no longer occur. (BZ#1268202)\n\n* Inside hugetlb, region data structures were protected by a\ncombination of a memory map semaphore and a single hugetlb instance\nmutex. 
However, a page-fault scalability improvement backported to the\nkernel on previous releases removed the single hugetlb instance mutex\nand introduced a new mutex table, making the locking combination\ninsufficient, leading to possible race windows that could cause\ncorruption and undefined behavior. The problem could be seen for\nexample with software mapping or re-mapping hugetlb areas with\nconcurrent threads reading/writing to same areas causing page faults.\nThis update fixes the problem by introducing now a required spinlock\nto the region tracking functions for proper serialization. The problem\nonly affects software using huge pages through hugetlb interface.\n(BZ#1274597)\n\n* Previously, VLAN stacked on the macvlan or macvtap device did not\nwork for devices that implement and use VLAN filters. As a\nconsequence, macvtap passthrough mode failed to transfer VLAN packets\nover the be2net driver. This update implements VLAN ndo calls to the\nmacvlan driver to pass appropriate VLAN tag IDs to lower devices. As a\nresult, macvtap transfers VLAN packets over be2net successfully.\n(BZ#1280205)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.", "edition": 27, "published": "2016-01-13T00:00:00", "title": "RHEL 6 : kernel (RHSA-2016:0024)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"], "id": "REDHAT-RHSA-2016-0024.NASL", "href": "https://www.tenable.com/plugins/nessus/87886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0024. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87886);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_xref(name:\"RHSA\", value:\"2016:0024\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2016:0024)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.6 Extended Update\nSupport.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* When doing TSO/GSO in the presence of VLAN headers on a macvtap\ndevice, the header offsets were incorrectly calculated. 
As a\nconsequence, when 2 guests on the same host communicated over a guest\nconfigured VLAN, performance dropped to about 1 Mbps. A set of patches\nhas been provided to fix this bug, and network performance with VLAN\ntags now works with optimal performance. (BZ#1215914)\n\n* Prior to this update, TSO acceleration features have been removed\nfrom the VLAN device which caused that VLAN performance on top of a\nvirtio device was much lower than that of a virtio device itself. This\nupdate re-enables TSO acceleration features, and performance of VLAN\ndevices on top of a virtio device has thus been restored. (BZ#1240988)\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited\nNeighbor Advertisement (UNA) was previously sent using the link global\nIPv6 address as source address. The underlying source code has been\npatched, and, after the failover in bonding, UNA is sent using both\nthe corresponding link IPv6 address and global IPv6 address of bond0\nand bond0.vlan. (BZ#1258480)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops\nwhen the end of the report was read. This update fixes this bug by\npadding the end of the report with extra bytes, so the reading of the\nreport never crosses a page boundary. As a result, a page fault and\nsubsequent oops no longer occur. (BZ#1268202)\n\n* Inside hugetlb, region data structures were protected by a\ncombination of a memory map semaphore and a single hugetlb instance\nmutex. However, a page-fault scalability improvement backported to the\nkernel on previous releases removed the single hugetlb instance mutex\nand introduced a new mutex table, making the locking combination\ninsufficient, leading to possible race windows that could cause\ncorruption and undefined behavior. 
The problem could be seen for\nexample with software mapping or re-mapping hugetlb areas with\nconcurrent threads reading/writing to same areas causing page faults.\nThis update fixes the problem by introducing now a required spinlock\nto the region tracking functions for proper serialization. The problem\nonly affects software using huge pages through hugetlb interface.\n(BZ#1274597)\n\n* Previously, VLAN stacked on the macvlan or macvtap device did not\nwork for devices that implement and use VLAN filters. As a\nconsequence, macvtap passthrough mode failed to transfer VLAN packets\nover the be2net driver. This update implements VLAN ndo calls to the\nmacvlan driver to pass appropriate VLAN tag IDs to lower devices. As a\nresult, macvtap transfers VLAN packets over be2net successfully.\n(BZ#1280205)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8104\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-5307\", \"CVE-2015-8104\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:0024\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0024\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-abi-whitelists-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", 
reference:\"kernel-debug-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", 
reference:\"kernel-doc-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-firmware-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"perf-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"perf-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"python-perf-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", 
reference:\"python-perf-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-504.40.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T05:32:41", "description": "Updated kernel packages that fix two security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. 
for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied\nto the highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency,\nand processor frequency values by determining the range and adjusting\nthe minimal and maximal percent limit values. Now, switching p-states\non the aforementioned client platforms proceeds successfully.\n(BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO)\ntracing, a VM became previously unresponsive when connected to Red Hat\nEnterprise Virtualization Hypervisor. The provided patch fixes this\nbug by dropping the check in MMIO handler, and a VM continues running\nas expected. (BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked\nI/O descriptors and DMA mappings. As a consequence, the kernel could\nbecome unresponsive during the hot-unplug operation if a driver was\nremoved. This update fixes the driver memory leak bug on command\nretries, and the kernel no longer hangs in this situation.\n(BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no\nlonger occurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing\na lot of page faults, for example because it was running low on\nmemory, the host sometimes triggered an incorrect kind of interrupt in\nthe guest: a data storage exception instead of a data segment\nexception. This caused a kernel panic of the PPC KVM guest. 
With this\nupdate, the host kernel synthesizes a segment fault if the\ncorresponding Segment Lookaside Buffer (SLB) lookup fails, which\nprevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process\ncausing Logical Partitioning (LPAR) to become unresponsive, and an\noops occurred in medlp5. The backported upstream patch prevents an\nLPAR hang, and the oops no longer occurs. (BZ#1281424)\n\n* When the sctp module was loaded and a route to an association\nendpoint was removed after receiving an Out-of-The-Blue (OOTB) chunk\nbut before incrementing the 'dropped because of missing route' SNMP\nstatistic, a Null Pointer Dereference kernel panic previously\noccurred. This update fixes the race condition between OOTB response\nand route removal. (BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously\nfailed due to a rounding bug in the intel-pstate driver. This bug has\nbeen fixed and the cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
The system\nmust be rebooted for this update to take effect.", "edition": 29, "published": "2015-12-09T00:00:00", "title": "RHEL 7 : kernel (RHSA-2015:2552)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2015-2552.NASL", "href": "https://www.tenable.com/plugins/nessus/87274", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory 
RHSA-2015:2552. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87274);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_xref(name:\"RHSA\", value:\"2015:2552\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2015:2552)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is\nprone to a denial of service attack inside a virtualized environment\nin the form of an infinite loop in the microcode due to the way\n(sequential) delivering of benign exceptions such as #AC (alignment\ncheck exception) and #DB (debug exception) is handled. A privileged\nuser inside a guest could use these flaws to create denial of service\nconditions on the host kernel. (CVE-2015-5307, CVE-2015-8104,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting\nthe CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied\nto the highest possible frequency. Switching p-states on these client\nplatforms failed. 
This update sets the idle frequency, busy frequency,\nand processor frequency values by determining the range and adjusting\nthe minimal and maximal percent limit values. Now, switching p-states\non the aforementioned client platforms proceeds successfully.\n(BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO)\ntracing, a VM became previously unresponsive when connected to Red Hat\nEnterprise Virtualization Hypervisor. The provided patch fixes this\nbug by dropping the check in MMIO handler, and a VM continues running\nas expected. (BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked\nI/O descriptors and DMA mappings. As a consequence, the kernel could\nbecome unresponsive during the hot-unplug operation if a driver was\nremoved. This update fixes the driver memory leak bug on command\nretries, and the kernel no longer hangs in this situation.\n(BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no\nlonger occurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing\na lot of page faults, for example because it was running low on\nmemory, the host sometimes triggered an incorrect kind of interrupt in\nthe guest: a data storage exception instead of a data segment\nexception. This caused a kernel panic of the PPC KVM guest. With this\nupdate, the host kernel synthesizes a segment fault if the\ncorresponding Segment Lookaside Buffer (SLB) lookup fails, which\nprevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process\ncausing Logical Partitioning (LPAR) to become unresponsive, and an\noops occurred in medlp5. 
The backported upstream patch prevents an\nLPAR hang, and the oops no longer occurs. (BZ#1281424)\n\n* When the sctp module was loaded and a route to an association\nendpoint was removed after receiving an Out-of-The-Blue (OOTB) chunk\nbut before incrementing the 'dropped because of missing route' SNMP\nstatistic, a Null Pointer Dereference kernel panic previously\noccurred. This update fixes the race condition between OOTB response\nand route removal. (BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously\nfailed due to a rounding bug in the intel-pstate driver. This bug has\nbeen fixed and the cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8104\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-5307\", \"CVE-2015-8104\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2015:2552\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2552\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"kernel-tools-libs-devel-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-327.3.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:01:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0592", "CVE-2015-5307", "CVE-2016-0495", "CVE-2015-8104"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3454-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : virtualbox\nCVE ID : CVE-2015-5307 CVE-2015-8104 CVE-2016-0495 CVE-2016-0592\n\nMultiple vulnerabilities have been 
discovered in VirtualBox, an x86\nvirtualisation solution.\n\nUpstream support for the 4.1 release series has ended and since no\ninformation is available which would allow backports of isolated security\nfixes, security support for virtualbox in wheezy/oldstable needed to be\nended as well.\nIf you use virtualbox with externally procured VMs (e.g. through vagrant)\nwe advise you to update to Debian jessie.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.3.36-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.0.14-dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.0.14-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 12, "modified": "2016-01-26T23:25:16", "published": "2016-01-26T23:25:16", "id": "DEBIAN:DSA-3454-1:3BA83", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00024.html", "title": "[SECURITY] [DSA 3454-1] virtualbox security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:11", "bulletinFamily": "info", "cvelist": ["CVE-2016-0592", "CVE-2015-5307", "CVE-2015-7183", "CVE-2016-0495", "CVE-2015-8104", "CVE-2016-0602"], "description": "### *Detect date*:\n02/21/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nUnspecified vulnerabilities were found in Oracle VirtualBox. By exploiting these vulnerabilities, malicious users can affect availability, integrity and confidentiality. 
These vulnerabilities can be exploited remotely via unknown vectors related to Core and Windows Installer.\n\n### *Affected products*:\nOracle VM VirtualBox versions earlier than 5.0.14\n\n### *Solution*:\nUpdate to the latest version \n[Get VirtualBox](<https://www.virtualbox.org/wiki/Downloads>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Oracle VirtualBox](<https://threats.kaspersky.com/en/product/Oracle-VirtualBox/>)\n\n### *CVE-IDS*:\n[CVE-2015-5307](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307>)4.9Warning \n[CVE-2015-8104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104>)4.7Warning \n[CVE-2015-7183](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183>)7.5Critical \n[CVE-2016-0602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0602>)6.2High \n[CVE-2016-0495](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495>)4.3Warning \n[CVE-2016-0592](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592>)2.1Warning", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2016-02-21T00:00:00", "id": "KLA10744", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10744", "title": "KLA10744 Multiple vulnerabilities in Oracle VM VirtualBox", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-15T01:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. 
An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 6, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2806-1", "href": "https://ubuntu.com/security/notices/USN-2806-1", "title": "Linux kernel (Vivid HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:33:20", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 5, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2807-1", "href": "https://ubuntu.com/security/notices/USN-2807-1", "title": "Linux kernel (Wily HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-18T01:39:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 6, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2805-1", "href": "https://ubuntu.com/security/notices/USN-2805-1", "title": "Linux kernel (Utopic HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-09T00:32:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. 
An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 5, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2803-1", "href": "https://ubuntu.com/security/notices/USN-2803-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-09T00:27:28", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 5, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2802-1", "href": "https://ubuntu.com/security/notices/USN-2802-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-18T01:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 6, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2800-1", "href": "https://ubuntu.com/security/notices/USN-2800-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-18T01:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. 
An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 6, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2804-1", "href": "https://ubuntu.com/security/notices/USN-2804-1", "title": "Linux kernel (Trusty HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-15T01:40:32", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5307"], "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly catch Alignment Check exceptions. An attacker in a \nguest virtual machine could use this to cause a denial of service (system \ncrash) in the host OS.", "edition": 6, "modified": "2015-11-10T00:00:00", "published": "2015-11-10T00:00:00", "id": "USN-2801-1", "href": "https://ubuntu.com/security/notices/USN-2801-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:33:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6252", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in\n microcode via #DB exception (bsc#954404).\n - CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in\n microcode via #AC exception (bsc#953527).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that occurred\n during userspace execution, which 
might have allowed local users to gain\n privileges by triggering an NMI (bsc#938706).\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951440).\n - CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by\n validating before applying it (bsc#944296).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact by using a socket that was not properly bound (bsc#945825).\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in\n the Linux kernel allowed local users to cause a denial of service\n (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered\n permanent file-descriptor allocation (bsc#942367).\n\n The following non-security bugs were fixed:\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bsc#814440).\n - btrfs: fix hang when failing to submit bio of directIO (bsc#942688).\n - btrfs: fix memory corruption on failure to submit bio for direct IO\n (bsc#942688).\n - btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm: do not start current request if it would have merged with the\n previous (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn merge heuristic\n (bsc#904348).\n - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).\n - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).\n - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)\n (bsc#942938).\n - drm/i915: Add bit field to record which pins have received HPD events\n (v3) (bsc#942938).\n - drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938).\n - drm/i915: Add messages useful for HPD storm 
detection debugging (v2)\n (bsc#942938).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt\n (bsc#942938).\n - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in\n encoders (v2) (bsc#942938).\n - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)\n (bsc#942938).\n - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch\n platforms (bsc#942938).\n - drm/i915: Enable hotplug interrupts after querying hw capabilities\n (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).\n - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).\n - drm/i915: Get rid if the "^A" in struct drm_i915_private (bsc#942938).\n - drm/i915: Make hpd arrays big enough to avoid out of bounds access\n (bsc#942938).\n - drm/i915: Mask out the HPD irq bits before setting them individually\n (bsc#942938).\n - drm/i915: Only print hotplug event message when hotplug bit is set\n (bsc#942938).\n - drm/i915: Only reprobe display on encoder which has received an HPD\n event (v2) (bsc#942938).\n - drm/i915: Queue reenable timer also when enable_hotplug_processing is\n false (bsc#942938).\n - drm/i915: Remove i965_hpd_irq_setup (bsc#942938).\n - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).\n - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).\n - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()\n (bsc#942938).\n - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets\n (bsc#942938).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - drm/i915: assert_spin_locked for pipestat interrupt enable/disable\n (bsc#942938).\n - drm/i915: clear crt hotplug compare voltage field before setting\n (bsc#942938).\n - drm/i915: close tiny race in the ilk pcu even interrupt setup\n (bsc#942938).\n - drm/i915: fix hotplug event bit tracking 
(bsc#942938).\n - drm/i915: fix hpd interrupt register locking (bsc#942938).\n - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock\n (bsc#942938).\n - drm/i915: fix locking around ironlake_enable|disable_display_irq\n (bsc#942938).\n - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler\n (bsc#942938).\n - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: implement ibx_hpd_irq_setup (bsc#942938).\n - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).\n - ehci-pci: enable interrupt on BayTrail (bnc926007).\n - fix lpfc_send_rscn_event allocation size claims bsc#935757\n - hugetlb: simplify migrate_huge_page() (bsc#947957, VM Functionality).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bsc#947957).\n - ib/iser: Add Discovery support (bsc#923002).\n - ib/iser: Move informational messages from error to info level\n (bsc#923002).\n - ib/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - ib/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipv6: probe routes asynchronous in rt6_probe (bsc#936118).\n - ipvs: Fix reuse connection if real server is dead (bsc#945827).\n - ipvs: drop first packet to dead server (bsc#946078).\n - keys: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - lib/string.c: introduce memchr_inv() (bsc#930788).\n - libiscsi: Exporting new attrs for iscsi session and connection in sysfs\n (bsc#923002).\n - macvlan: Support bonding events bsc#948521\n - make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - memory-failure: do code refactor of soft_offline_page() 
(bsc#947957).\n - memory-failure: fix an error of mce_bad_pages statistics (bsc#947957).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bsc#947957).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bsc#947957).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bsc#947957).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bsc#947957).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bsc#947957).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bsc#940017,\n bsc#949298).\n - mm: make page pfmemalloc check more robust (bsc#920016).\n - netfilter: nf_conntrack_proto_sctp: minimal multihoming support\n (bsc#932350).\n - pci: Add VPD function 0 quirk for Intel Ethernet devices (bsc#943786).\n - pci: Add dev_flags bit to access VPD through function 0 (bsc#943786).\n - pci: Add flag indicating device has been assigned by KVM (bsc#777565).\n - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bsc#952084).\n - pci: Refresh First VF Offset and VF Stride when updating NumVFs\n (bsc#952084).\n - pci: Update NumVFs register when disabling SR-IOV (bsc#952084).\n - pci: delay configuration of SRIOV capability (bsc#952084).\n - pci: set pci sriov page size before reading SRIOV BAR (bsc#952084).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - r8169: remember WOL preferences on driver load (bsc#942305).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bsc#949100).\n - 
scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bsc#942204).\n - scsi: hosts: update to use ida_simple for host_no (bsc#939926)\n - scsi: kabi: allow iscsi disocvery session support (bsc#923002).\n - scsi_transport_iscsi: Exporting new attrs for iscsi session and\n connection in sysfs (bsc#923002).\n - sg: fix read() error reporting (bsc#926774).\n - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb\n (bsc#933721).\n - usb: xhci: Reset a halted endpoint immediately when we encounter a stall\n (bsc#933721).\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bsc#944989).\n - usb: xhci: do not start a halted endpoint before its new dequeue is set\n (bsc#933721).\n - usb: xhci: handle Config Error Change (CEC) in xhci driver (bsc#933721).\n - x86/tsc: Change Fast TSC calibration failed from error to info\n (bsc#942605).\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788).\n - xfs: add background scanning to clear eofblocks inodes (bsc#930788).\n - xfs: add inode id filtering to eofblocks scan (bsc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bsc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bsc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bsc#930788).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bsc#930788).\n - xfs: support a tag-based inode_ag_iterator (bsc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bsc#930788).\n - xfs: use xfs_icluster_size_fsb in 
xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bsc#949981).\n - xhci: Allocate correct amount of scratchpad buffers (bsc#933721).\n - xhci: Calculate old endpoints correctly on device reset (bsc#944831).\n - xhci: Do not enable/disable RWE on bus suspend/resume (bsc#933721).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bsc#945691).\n - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256\n (bsc#933721).\n - xhci: Treat not finding the event_seg on COMP_STOP the same as\n COMP_STOP_INVAL (bsc#933721).\n - xhci: Workaround for PME stuck issues in Intel xhci (bsc#933721).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bsc#949502).\n - xhci: do not report PLC when link is in internal resume state\n (bsc#933721).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bsc#944837).\n - xhci: fix reporting of 0-sized URBs in control endpoint (bsc#933721).\n - xhci: report U3 when link is in resume state (bsc#933721).\n - xhci: rework cycle bit checking for new dequeue pointers (bsc#933721).\n - xhci: use uninterruptible sleep for waiting for internal operations\n (bsc#939955).\n\n", "edition": 1, "modified": "2015-11-26T13:10:56", "published": "2015-11-26T13:10:56", "id": "SUSE-SU-2015:2108-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}