The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security fixes and bug fixes. The following security bugs were fixed:
- CVE-2017-7482: Several missing length checks in ticket decoding allowed an information leak or potentially code execution (bsc#1046107).
- CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456).
- CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882).
- CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483).
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
- CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354)
- CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340)
- CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982).
- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).
- CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have been disclosed when a read and an ioctl happen at the same time (bnc#1044125)
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431)
- CVE-2017-1000363: A buffer overflow in the kernel command-line handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings (bnc#1039456).
- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)
- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)
- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882)
- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879)
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544)
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593)
- CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850)
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Plugin: SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)
Plugin file: SUSE_SU-2017-2389-1.NASL (type: nessus, family: scanner)
Published: 2017-09-11
Modified: 2021-01-19
Source: https://www.tenable.com/plugins/nessus/103110
Reporter: This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
"OPENVAS:1361412562311220191513", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220191523", "OPENVAS:1361412562311220191524", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191526", "OPENVAS:1361412562311220191528", "OPENVAS:1361412562311220191529", "OPENVAS:1361412562311220191531", "OPENVAS:1361412562311220191535", "OPENVAS:1361412562311220191537", "OPENVAS:1361412562311220192531", "OPENVAS:703886"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-1842", "ELSA-2017-1842-1", "ELSA-2017-2473", "ELSA-2017-2473-1", "ELSA-2017-2930", "ELSA-2017-2930-1", "ELSA-2017-3315", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2017-3574", "ELSA-2017-3575", "ELSA-2017-3576", "ELSA-2017-3590", "ELSA-2017-3591", "ELSA-2017-3595", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2017-3609", "ELSA-2017-3621", "ELSA-2017-3622", "ELSA-2017-3631", "ELSA-2017-3632", "ELSA-2017-3633", "ELSA-2017-3635", "ELSA-2017-3636", "ELSA-2017-3637", "ELSA-2017-3657", "ELSA-2017-3658", "ELSA-2017-3659", "ELSA-2018-0008", "ELSA-2018-0169", "ELSA-2018-1854", "ELSA-2018-4021", "ELSA-2018-4040", "ELSA-2018-4041", "ELSA-2018-4109", "ELSA-2018-4110", "ELSA-2020-3548", "ELSA-2020-5866", "ELSA-2020-5879", "ELSA-2020-5881", "ELSA-2020-5936"]}, {"type": "osv", "idList": ["OSV:DLA-1099-1", "OSV:DLA-922-1", "OSV:DLA-993-1", "OSV:DSA-3886-1", "OSV:DSA-3886-2", "OSV:DSA-3927-1", "OSV:DSA-3945-1", "OSV:DSA-3981-1"]}, {"type": "photon", "idList": ["PHSA-2017-0018", "PHSA-2017-0019", "PHSA-2017-0025", "PHSA-2017-0028", "PHSA-2017-0029", "PHSA-2017-0035", "PHSA-2017-0044", "PHSA-2017-0052", "PHSA-2017-0055", "PHSA-2017-0061", "PHSA-2017-0062", "PHSA-2018-0031", "PHSA-2018-0101", "PHSA-2018-2.0-0101"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:87BA757A5FD1FA33FB143A6AD7B02E98"]}, {"type": "redhat", "idList": ["RHSA-2017:1842", "RHSA-2017:2077", "RHSA-2017:2437", "RHSA-2017:2444", "RHSA-2017:2473", "RHSA-2017:2585", 
"RHSA-2017:2669", "RHSA-2017:2770", "RHSA-2017:2869", "RHSA-2017:2918", "RHSA-2017:2930", "RHSA-2017:2931", "RHSA-2017:3295", "RHSA-2017:3315", "RHSA-2017:3322", "RHSA-2018:0169", "RHSA-2018:0654", "RHSA-2018:1854", "RHSA-2018:3822", "RHSA-2019:0641", "RHSA-2020:3548", "RHSA-2020:3836"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000363", "RH:CVE-2017-1000365", "RH:CVE-2017-1000380", "RH:CVE-2017-11176", "RH:CVE-2017-11473", "RH:CVE-2017-2647", "RH:CVE-2017-6951", "RH:CVE-2017-7482", "RH:CVE-2017-7487", "RH:CVE-2017-7533", "RH:CVE-2017-7542", "RH:CVE-2017-8890", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9074", "RH:CVE-2017-9075", "RH:CVE-2017-9076", "RH:CVE-2017-9077", "RH:CVE-2017-9242"]}, {"type": "seebug", "idList": ["SSV:93140", "SSV:93143", "SSV:93207"]}, {"type": "slackware", "idList": ["SSA-2017-177-01", "SSA-2017-180-01", "SSA-2017-181-02", "SSA-2017-184-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:1513-1", "OPENSUSE-SU-2017:1633-1", "OPENSUSE-SU-2017:1825-1", "OPENSUSE-SU-2017:2110-1", "OPENSUSE-SU-2017:2112-1", "OPENSUSE-SU-2017:3358-1", "OPENSUSE-SU-2017:3359-1", "SUSE-SU-2017:1360-1", "SUSE-SU-2017:1853-1", "SUSE-SU-2017:1990-1", "SUSE-SU-2017:2041-1", "SUSE-SU-2017:2042-1", "SUSE-SU-2017:2043-1", "SUSE-SU-2017:2046-1", "SUSE-SU-2017:2049-1", "SUSE-SU-2017:2060-1", "SUSE-SU-2017:2062-1", "SUSE-SU-2017:2064-1", "SUSE-SU-2017:2065-1", "SUSE-SU-2017:2066-1", "SUSE-SU-2017:2067-1", "SUSE-SU-2017:2069-1", "SUSE-SU-2017:2070-1", "SUSE-SU-2017:2072-1", "SUSE-SU-2017:2074-1", "SUSE-SU-2017:2088-1", "SUSE-SU-2017:2089-1", "SUSE-SU-2017:2090-1", "SUSE-SU-2017:2091-1", "SUSE-SU-2017:2092-1", "SUSE-SU-2017:2094-1", "SUSE-SU-2017:2095-1", "SUSE-SU-2017:2096-1", "SUSE-SU-2017:2098-1", "SUSE-SU-2017:2099-1", "SUSE-SU-2017:2102-1", "SUSE-SU-2017:2103-1", "SUSE-SU-2017:2114-1", "SUSE-SU-2017:2286-1", "SUSE-SU-2017:2342-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2447-1", "SUSE-SU-2017:2448-1", "SUSE-SU-2017:2475-1", "SUSE-SU-2017:2476-1", 
"SUSE-SU-2017:2497-1", "SUSE-SU-2017:2525-1", "SUSE-SU-2017:2775-1", "SUSE-SU-2017:2791-1", "SUSE-SU-2017:2869-1", "SUSE-SU-2017:2908-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2017:2956-1", "SUSE-SU-2017:3398-1", "SUSE-SU-2017:3410-1", "SUSE-SU-2018:0213-1"]}, {"type": "threatpost", "idList": ["THREATPOST:54E7457360B9B4CFC6843F7B3E0C5367", "THREATPOST:AA5A156F9AAE63DEC363D924F7ABEF36"]}, {"type": "ubuntu", "idList": ["USN-3342-1", "USN-3342-2", "USN-3343-1", "USN-3343-2", "USN-3344-1", "USN-3344-2", "USN-3345-1", "USN-3358-1", "USN-3359-1", "USN-3360-1", "USN-3360-2", "USN-3361-1", "USN-3364-1", "USN-3364-2", "USN-3364-3", "USN-3371-1", "USN-3377-1", "USN-3377-2", "USN-3378-1", "USN-3378-2", "USN-3381-1", "USN-3381-2", "USN-3392-1", "USN-3392-2", "USN-3404-1", "USN-3404-2", "USN-3405-1", "USN-3405-2", "USN-3406-1", "USN-3406-2", "USN-3422-1", "USN-3422-2", "USN-3468-1", "USN-3468-2", "USN-3468-3", "USN-3470-1", "USN-3470-2", "USN-3583-1", "USN-3583-2", "USN-3754-1", "USN-3849-1", "USN-3849-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9922", "UB:CVE-2017-1000363", "UB:CVE-2017-1000365", "UB:CVE-2017-1000371", "UB:CVE-2017-1000380", "UB:CVE-2017-11176", "UB:CVE-2017-11473", "UB:CVE-2017-2647", "UB:CVE-2017-6951", "UB:CVE-2017-7482", "UB:CVE-2017-7487", "UB:CVE-2017-7533", "UB:CVE-2017-7542", "UB:CVE-2017-8890", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9074", "UB:CVE-2017-9075", "UB:CVE-2017-9076", "UB:CVE-2017-9077", "UB:CVE-2017-9242"]}, {"type": "veracode", "idList": ["VERACODE:12641", "VERACODE:12645", "VERACODE:12710", "VERACODE:18242", "VERACODE:18247", "VERACODE:18253", "VERACODE:18254", "VERACODE:18255", "VERACODE:18256", "VERACODE:18257", "VERACODE:18258", "VERACODE:18829", "VERACODE:20165"]}, {"type": "virtuozzo", "idList": ["VZA-2017-019", "VZA-2017-021", "VZA-2017-042", "VZA-2017-043", "VZA-2017-044", "VZA-2017-045", "VZA-2017-046", "VZA-2017-047", "VZA-2017-065", "VZA-2017-067", "VZA-2017-068", "VZA-2017-069", "VZA-2017-070", "VZA-2017-075", 
"VZA-2017-076", "VZA-2017-077", "VZA-2017-078", "VZA-2017-079", "VZA-2018-072", "VZA-2018-074", "VZA-2018-075"]}, {"type": "zdt", "idList": ["1337DAY-ID-30013", "1337DAY-ID-31273"]}]}, "score": {"value": 8.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-845", "ALAS-2017-846", "ALAS-2017-868", "ALAS-2017-870"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-10277", "ANDROID:CVE-2017-8890"]}, {"type": "androidsecurity", "idList": ["ANDROID:2017-09-01", "ANDROID:2017-10-01", "ANDROID:2017-11-01"]}, {"type": "canvas", "idList": ["OVERLAYFS"]}, {"type": "centos", "idList": ["CESA-2017:2473", "CESA-2018:0169"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:18773E2EBFCA95CBB12CDED52A4EFFCC", "CFOUNDRY:4DDC563CC4B682CD1D8A3F51374BC77A", "CFOUNDRY:5EEA2226D4FCA4D50B918305E55569E8", "CFOUNDRY:CAC337307F043175ACEEE3B0FD0416FF"]}, {"type": "cve", "idList": ["CVE-2014-9922", "CVE-2016-10277", "CVE-2017-1000363", "CVE-2017-1000380", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-2647", "CVE-2017-6951", "CVE-2017-7487", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1099-1:57108", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-3927-1:A186E", "DEBIAN:DSA-3945-1:532A6", "DEBIAN:DSA-3981-1:0F636"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9922", "DEBIANCVE:CVE-2017-1000363", "DEBIANCVE:CVE-2017-1000365", "DEBIANCVE:CVE-2017-1000380", "DEBIANCVE:CVE-2017-11176", "DEBIANCVE:CVE-2017-11473", "DEBIANCVE:CVE-2017-2647", "DEBIANCVE:CVE-2017-6951", "DEBIANCVE:CVE-2017-7482", "DEBIANCVE:CVE-2017-7487", "DEBIANCVE:CVE-2017-7533", "DEBIANCVE:CVE-2017-7542", "DEBIANCVE:CVE-2017-8890", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2017-8925", "DEBIANCVE:CVE-2017-9074", "DEBIANCVE:CVE-2017-9075", "DEBIANCVE:CVE-2017-9076", "DEBIANCVE:CVE-2017-9077", 
"DEBIANCVE:CVE-2017-9242"]}, {"type": "exploitdb", "idList": ["EDB-ID:42601", "EDB-ID:45553", "EDB-ID:45554"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:7E4B21925D392950552D213FE7157C98"]}, {"type": "f5", "idList": ["F5:K15412203", "F5:K32115847", "F5:K54170502", "F5:K84024430", "F5:K97457339"]}, {"type": "fedora", "idList": ["FEDORA:0BAA361AC35C", "FEDORA:1C7E86049D49", "FEDORA:274BB60875C4", "FEDORA:41D1B604B3B3", "FEDORA:44065605602A", "FEDORA:464D56087B08", "FEDORA:578BF6049496", "FEDORA:648496077DD1", "FEDORA:6F1BC604D0C1", "FEDORA:83CF561C31BC", "FEDORA:8C2C4605E539", "FEDORA:A65EC601F907", "FEDORA:B60446046988", "FEDORA:B704D609623F", "FEDORA:F02346079D15"]}, {"type": "githubexploit", "idList": ["F235C897-C385-56AB-B58E-500B01C27538"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170802-01-LINUX"]}, {"type": "ibm", "idList": ["DE695F71E3366E59E6428276E5EABA598BB2B1F9CA1025C553DC82926661E92A"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-7533/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201786520", "MYHACK58:62201787008", "MYHACK58:62201787108", "MYHACK58:62201787113"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-868.NASL", "ALA_ALAS-2017-870.NASL", "CENTOS_RHSA-2017-2473.NASL", "DEBIAN_DLA-1099.NASL", "DEBIAN_DSA-3927.NASL", "DEBIAN_DSA-3945.NASL", "DEBIAN_DSA-3981.NASL", "EULEROS_SA-2017-1071.NASL", "EULEROS_SA-2017-1072.NASL", "EULEROS_SA-2017-1122.NASL", "EULEROS_SA-2017-1123.NASL", "EULEROS_SA-2017-1159.NASL", "EULEROS_SA-2017-1160.NASL", "FEDORA_2017-273B67D5EE.NASL", "FEDORA_2017-39B5FACDA0.NASL", "FEDORA_2017-466D902289.NASL", "FEDORA_2017-544EEF948F.NASL", "FEDORA_2017-6554692044.NASL", "FEDORA_2017-6F06BE3FE9.NASL", "FEDORA_2017-73F71456D7.NASL", "FEDORA_2017-85744F8AA9.NASL", "FEDORA_2017-98548B066B.NASL", "FEDORA_2017-ADC7D95627.NASL", "FEDORA_2017-D3ED702FE4.NASL", "FEDORA_2017-DEB70B495E.NASL", "FEDORA_2017-E75602D3ED.NASL", "OPENSUSE-2017-666.NASL", "OPENSUSE-2017-890.NASL", 
"OPENSUSE-2017-891.NASL", "ORACLELINUX_ELSA-2017-2473-1.NASL", "ORACLELINUX_ELSA-2017-2473.NASL", "ORACLELINUX_ELSA-2017-3574.NASL", "ORACLELINUX_ELSA-2017-3575.NASL", "ORACLELINUX_ELSA-2017-3576.NASL", "ORACLELINUX_ELSA-2017-3595.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2017-3621.NASL", "ORACLELINUX_ELSA-2017-3622.NASL", "ORACLELINUX_ELSA-2018-0169.NASL", "ORACLEVM_OVMSA-2017-0111.NASL", "ORACLEVM_OVMSA-2017-0112.NASL", "ORACLEVM_OVMSA-2017-0121.NASL", "ORACLEVM_OVMSA-2017-0126.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "ORACLEVM_OVMSA-2017-0152.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "REDHAT-RHSA-2017-2437.NASL", "REDHAT-RHSA-2017-2444.NASL", "REDHAT-RHSA-2017-2473.NASL", "REDHAT-RHSA-2017-2585.NASL", "REDHAT-RHSA-2017-2770.NASL", "REDHAT-RHSA-2017-2869.NASL", "REDHAT-RHSA-2018-0169.NASL", "REDHAT-RHSA-2019-0641.NASL", "SLACKWARE_SSA_2017-181-02.NASL", "SLACKWARE_SSA_2017-184-01.NASL", "SL_20170815_KERNEL_ON_SL7_X.NASL", "SL_20180125_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2017-1853-1.NASL", "SUSE_SU-2017-2041-1.NASL", "SUSE_SU-2017-2042-1.NASL", "SUSE_SU-2017-2049-1.NASL", "SUSE_SU-2017-2060-1.NASL", "SUSE_SU-2017-2061-1.NASL", "SUSE_SU-2017-2072-1.NASL", "SUSE_SU-2017-2073-1.NASL", "SUSE_SU-2017-2074-1.NASL", "SUSE_SU-2017-2088-1.NASL", "SUSE_SU-2017-2089-1.NASL", "SUSE_SU-2017-2090-1.NASL", "SUSE_SU-2017-2091-1.NASL", "SUSE_SU-2017-2092-1.NASL", "SUSE_SU-2017-2093-1.NASL", "SUSE_SU-2017-2094-1.NASL", "SUSE_SU-2017-2095-1.NASL", "SUSE_SU-2017-2096-1.NASL", "SUSE_SU-2017-2098-1.NASL", "SUSE_SU-2017-2099-1.NASL", "SUSE_SU-2017-2100-1.NASL", "SUSE_SU-2017-2102-1.NASL", "SUSE_SU-2017-2103-1.NASL", "SUSE_SU-2017-2286-1.NASL", "SUSE_SU-2017-2446-1.NASL", "SUSE_SU-2017-2447-1.NASL", "SUSE_SU-2017-2448-1.NASL", "SUSE_SU-2017-2475-1.NASL", "SUSE_SU-2017-2476-1.NASL", "SUSE_SU-2017-2497-1.NASL", "UBUNTU_USN-3377-1.NASL", "UBUNTU_USN-3377-2.NASL", 
"UBUNTU_USN-3378-1.NASL", "UBUNTU_USN-3378-2.NASL", "UBUNTU_USN-3381-1.NASL", "UBUNTU_USN-3392-1.NASL", "UBUNTU_USN-3392-2.NASL", "UBUNTU_USN-3404-1.NASL", "UBUNTU_USN-3404-2.NASL", "VIRTUOZZO_VZA-2017-019.NASL", "VIRTUOZZO_VZA-2017-021.NASL", "VIRTUOZZO_VZA-2017-042.NASL", "VIRTUOZZO_VZA-2017-043.NASL", "VIRTUOZZO_VZA-2017-044.NASL", "VIRTUOZZO_VZA-2017-045.NASL", "VIRTUOZZO_VZA-2017-047.NASL", "VIRTUOZZO_VZA-2017-065.NASL", "VIRTUOZZO_VZA-2017-067.NASL", "VIRTUOZZO_VZA-2017-068.NASL", "VIRTUOZZO_VZA-2017-069.NASL", "VIRTUOZZO_VZA-2017-070.NASL", "VIRTUOZZO_VZA-2017-076.NASL", "VIRTUOZZO_VZA-2017-077.NASL", "VIRTUOZZO_VZA-2017-078.NASL", "VIRTUOZZO_VZA-2017-079.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703927", "OPENVAS:1361412562310703945", "OPENVAS:1361412562310703981", "OPENVAS:1361412562310843209", "OPENVAS:1361412562310843210", "OPENVAS:1361412562310843211", "OPENVAS:1361412562310843212", "OPENVAS:1361412562310843213", "OPENVAS:1361412562310843215", "OPENVAS:1361412562310843216", "OPENVAS:1361412562310843217", "OPENVAS:1361412562310843218", "OPENVAS:1361412562310843220", "OPENVAS:1361412562310843221", "OPENVAS:1361412562310843222", "OPENVAS:1361412562310843228", "OPENVAS:1361412562310843229", "OPENVAS:1361412562310843231", "OPENVAS:1361412562310843232", "OPENVAS:1361412562310843233", "OPENVAS:1361412562310843234", "OPENVAS:1361412562310843268", "OPENVAS:1361412562310843269", "OPENVAS:1361412562310843270", "OPENVAS:1361412562310843271", "OPENVAS:1361412562310843273", "OPENVAS:1361412562310843286", "OPENVAS:1361412562310843287", "OPENVAS:1361412562310843295", "OPENVAS:1361412562310843296", "OPENVAS:1361412562310851566", "OPENVAS:1361412562310851571", "OPENVAS:1361412562310851578", "OPENVAS:1361412562310851586", "OPENVAS:1361412562310851592", "OPENVAS:1361412562310871884", "OPENVAS:1361412562310872696", "OPENVAS:1361412562310872700", "OPENVAS:1361412562310872708", "OPENVAS:1361412562310872720", "OPENVAS:1361412562310872729", 
"OPENVAS:1361412562310872761", "OPENVAS:1361412562310872902", "OPENVAS:1361412562310873079", "OPENVAS:1361412562310873277", "OPENVAS:1361412562310873302", "OPENVAS:1361412562310882840", "OPENVAS:703886"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2473", "ELSA-2017-2473-1", "ELSA-2017-3574", "ELSA-2017-3575", "ELSA-2017-3576", "ELSA-2017-3595", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2017-3621", "ELSA-2017-3622", "ELSA-2018-0169", "ELSA-2018-4021"]}, {"type": "photon", "idList": ["PHSA-2017-0018", "PHSA-2017-0019", "PHSA-2017-0025", "PHSA-2017-0028", "PHSA-2017-0029", "PHSA-2017-0035", "PHSA-2017-0044", "PHSA-2017-0052", "PHSA-2018-2.0-0101"]}, {"type": "redhat", "idList": ["RHSA-2017:2444", "RHSA-2017:2770", "RHSA-2017:2869", "RHSA-2018:0169"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000363", "RH:CVE-2017-1000365", "RH:CVE-2017-1000380", "RH:CVE-2017-11176", "RH:CVE-2017-11473", "RH:CVE-2017-2647", "RH:CVE-2017-6951", "RH:CVE-2017-7482", "RH:CVE-2017-7487", "RH:CVE-2017-7533", "RH:CVE-2017-7542", "RH:CVE-2017-8890", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9074", "RH:CVE-2017-9075", "RH:CVE-2017-9076", "RH:CVE-2017-9077", "RH:CVE-2017-9242"]}, {"type": "seebug", "idList": ["SSV:93140", "SSV:93143", "SSV:93207"]}, {"type": "slackware", "idList": ["SSA-2017-177-01", "SSA-2017-180-01", "SSA-2017-181-02", "SSA-2017-184-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:1513-1", "OPENSUSE-SU-2017:2110-1", "OPENSUSE-SU-2017:2112-1", "SUSE-SU-2017:2041-1", "SUSE-SU-2017:2042-1", "SUSE-SU-2017:2043-1", "SUSE-SU-2017:2046-1", "SUSE-SU-2017:2049-1", "SUSE-SU-2017:2060-1", "SUSE-SU-2017:2062-1", "SUSE-SU-2017:2064-1", "SUSE-SU-2017:2065-1", "SUSE-SU-2017:2066-1", "SUSE-SU-2017:2067-1", "SUSE-SU-2017:2069-1", "SUSE-SU-2017:2070-1", "SUSE-SU-2017:2072-1", "SUSE-SU-2017:2074-1", "SUSE-SU-2017:2088-1", "SUSE-SU-2017:2089-1", "SUSE-SU-2017:2090-1", "SUSE-SU-2017:2091-1", "SUSE-SU-2017:2092-1", "SUSE-SU-2017:2094-1", 
"SUSE-SU-2017:2095-1", "SUSE-SU-2017:2096-1", "SUSE-SU-2017:2098-1", "SUSE-SU-2017:2099-1", "SUSE-SU-2017:2102-1", "SUSE-SU-2017:2103-1", "SUSE-SU-2017:2114-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2447-1", "SUSE-SU-2017:2448-1", "SUSE-SU-2017:2475-1", "SUSE-SU-2017:2476-1", "SUSE-SU-2017:2497-1", "SUSE-SU-2018:0213-1"]}, {"type": "threatpost", "idList": ["THREATPOST:54E7457360B9B4CFC6843F7B3E0C5367"]}, {"type": "ubuntu", "idList": ["USN-3342-1", "USN-3342-2", "USN-3343-1", "USN-3343-2", "USN-3344-1", "USN-3344-2", "USN-3345-1", "USN-3377-1", "USN-3377-2", "USN-3378-1", "USN-3378-2", "USN-3381-1", "USN-3381-2", "USN-3392-1", "USN-3392-2", "USN-3404-1", "USN-3404-2", "USN-3468-1", "USN-3468-2", "USN-3468-3", "USN-3470-1", "USN-3470-2", "USN-3583-1", "USN-3583-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9922", "UB:CVE-2017-1000363", "UB:CVE-2017-1000365", "UB:CVE-2017-1000380", "UB:CVE-2017-11176", "UB:CVE-2017-11473", "UB:CVE-2017-2647", "UB:CVE-2017-6951", "UB:CVE-2017-7482", "UB:CVE-2017-7487", "UB:CVE-2017-7533", "UB:CVE-2017-7542", "UB:CVE-2017-8890", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9074", "UB:CVE-2017-9075", "UB:CVE-2017-9076", "UB:CVE-2017-9077", "UB:CVE-2017-9242"]}, {"type": "virtuozzo", "idList": ["VZA-2017-019", "VZA-2017-021", "VZA-2017-042", "VZA-2017-043", "VZA-2017-044", "VZA-2017-045", "VZA-2017-046", "VZA-2017-047", "VZA-2017-065", "VZA-2017-067", "VZA-2017-068", "VZA-2017-069", "VZA-2017-070", "VZA-2017-075", "VZA-2017-076", "VZA-2017-077", "VZA-2017-078", "VZA-2017-079", "VZA-2018-072", "VZA-2018-074", "VZA-2018-075"]}, {"type": "zdt", "idList": ["1337DAY-ID-30013", "1337DAY-ID-31273"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2014-9922", "epss": 0.00081, "percentile": 0.33191, "modified": "2023-05-06"}, {"cve": "CVE-2016-10277", "epss": 0.0018, "percentile": 0.53631, "modified": "2023-05-06"}, {"cve": "CVE-2017-1000363", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-06"}, {"cve": 
"CVE-2017-1000365", "epss": 0.00062, "percentile": 0.24605, "modified": "2023-05-06"}, {"cve": "CVE-2017-1000380", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-11176", "epss": 0.00093, "percentile": 0.38377, "modified": "2023-05-06"}, {"cve": "CVE-2017-11473", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-2647", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-6951", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7482", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2017-7487", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-7533", "epss": 0.00049, "percentile": 0.15489, "modified": "2023-05-06"}, {"cve": "CVE-2017-7542", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-8890", "epss": 0.00074, "percentile": 0.30287, "modified": "2023-05-06"}, {"cve": "CVE-2017-8924", "epss": 0.00064, "percentile": 0.26028, "modified": "2023-05-06"}, {"cve": "CVE-2017-8925", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-9074", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-9075", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-9076", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-9077", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2017-9242", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}], "vulnersScore": 8.7}, "_state": {"dependencies": 1694271922, "score": 1694272518, "epss": 0}, "_internal": {"score_hash": "58d89db0ff59c5f6fe4ccaa6ca51d2d6"}, "pluginID": "103110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from 
SUSE update advisory SUSE-SU-2017:2389-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103110);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9922\", \"CVE-2016-10277\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-2647\", \"CVE-2017-6951\", \"CVE-2017-7482\", \"CVE-2017-7487\", \"CVE-2017-7533\", \"CVE-2017-7542\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-7482: Several missing length checks ticket\n decode allowing for information leak or potentially code\n execution (bsc#1046107).\n\n - CVE-2016-10277: Potential privilege escalation due to a\n missing bounds check in the lp driver. 
A kernel\n command-line adversary can overflow the parport_nr array\n to execute code (bsc#1039456).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local\n users to cause a denial of service (integer overflow and\n infinite loop) by leveraging the ability to open a raw\n socket (bsc#1049882).\n\n - CVE-2017-7533: Bug in inotify code allowing privilege\n escalation (bsc#1049483).\n\n - CVE-2017-11176: The mq_notify function in the Linux\n kernel did not set the sock pointer to NULL upon entry\n into the retry logic. During a user-space close of a\n Netlink socket, it allowed attackers to cause a denial\n of service (use-after-free) or possibly have unspecified\n other impact (bsc#1048275).\n\n - CVE-2017-11473: Buffer overflow in the\n mp_override_legacy_irq() function in\n arch/x86/kernel/acpi/boot.c in the Linux kernel allowed\n local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n\n - CVE-2017-1000365: The Linux Kernel imposed a size\n restriction on the arguments and environmental strings\n passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the\n size), but did not take the argument and environment\n pointers into account, which allowed attackers to bypass\n this limitation. 
(bnc#1039354)\n\n - CVE-2014-9922: The eCryptfs subsystem in the Linux\n kernel allowed local users to gain privileges via a\n large filesystem stack that includes an overlayfs layer,\n related to fs/ecryptfs/main.c and fs/overlayfs/super.c\n (bnc#1032340)\n\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed\n local users to obtain sensitive information (in the\n dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti\n USB serial device) to trigger an integer underflow\n (bnc#1038982).\n\n - CVE-2017-8925: The omninet_open function in\n drivers/usb/serial/omninet.c in the Linux kernel allowed\n local users to cause a denial of service (tty\n exhaustion) by leveraging reference count mishandling\n (bnc#1038981).\n\n - CVE-2017-1000380: sound/core/timer.c was vulnerable to a\n data race in the ALSA /dev/snd/timer driver resulting in\n local users being able to read information belonging to\n other users, i.e., uninitialized memory contents could\n have been disclosed when a read and an ioctl happen at\n the same time (bnc#1044125)\n\n - CVE-2017-9242: The __ip6_append_data function in\n net/ipv6/ip6_output.c was too late in checking whether\n an overwrite of an skb data structure may occur, which\n allowed local users to cause a denial of service (system\n crash) via crafted system calls (bnc#1041431)\n\n - CVE-2017-1000363: A buffer overflow in kernel\n commandline handling of the 'lp' parameter could be used\n by local console attackers to bypass certain secure boot\n settings. 
(bnc#1039456)\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in\n net/dccp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039885)\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1040069)\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039883)\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in\n the Linux kernel did not consider that the nexthdr field\n may be associated with an invalid option, which allowed\n local users to cause a denial of service (out-of-bounds\n read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882)\n\n - CVE-2017-7487: The ipxitf_ioctl function in\n net/ipx/af_ipx.c in the Linux kernel mishandled\n reference counts, which allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a failed SIOCGIFADDR ioctl\n call for an IPX interface (bnc#1038879)\n\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allowed attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call (bnc#1038544)\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (NULL 
pointer dereference and system crash)\n via vectors involving a NULL value for a certain match\n field, related to the keyring_search_iterator function\n in keyring.c (bnc#1030593)\n\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed\n local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a request_key system call for\n the 'dead' type (bnc#1029850)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=784815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=792863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=995542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10277/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11176/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7482/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8924/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8925/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9242/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172389-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d921ed6a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-13274=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-13274=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-13274=1\n\nSUSE Linux Enterprise Real Time Extension 11-SP4:zypper in -t patch\nslertesp4-kernel-13274=1\n\nSUSE Linux Enterprise High Availability Extension 11-SP4:zypper in -t\npatch slehasp4-kernel-13274=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-13274=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/16\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-108.7.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-108.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", 
"p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "solution": "To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-kernel-13274=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-kernel-13274=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch slexsp3-kernel-13274=1\n\nSUSE Linux Enterprise Real Time Extension 11-SP4:zypper in -t patch slertesp4-kernel-13274=1\n\nSUSE Linux Enterprise High Availability Extension 11-SP4:zypper in -t patch slehasp4-kernel-13274=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-kernel-13274=1\n\nTo bring your system up-to-date, use 'zypper patch'.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2017-09-08T00:00:00", "vulnerabilityPublicationDate": "2017-03-16T00:00:00", "exploitableWith": []}
{"suse": [{"lastseen": "2017-09-09T09:57:39", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7482: Several missing length checks ticket decode allowing for\n information leak or potentially code execution (bsc#1046107).\n - CVE-2016-10277: Potential privilege escalation due to a missing bounds\n check in the lp driver. A kernel command-line adversary can overflow the\n parport_nr array to execute code (bsc#1039456).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bsc#1049882).\n - CVE-2017-7533: Bug in inotify code allowing privilege escalation\n (bsc#1049483).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bsc#1048275).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. 
(bnc#1039354)\n - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local\n users to gain privileges via a large filesystem stack that includes an\n overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c\n (bnc#1032340)\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).\n - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in\n the ALSA /dev/snd/timer driver resulting in local users being able to\n read information belonging to other users, i.e., uninitialized memory\n contents could have been disclosed when a read and an ioctl happen at\n the same time (bnc#1044125)\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n was too late in checking whether an overwrite of an skb data structure\n may occur, which allowed local users to cause a denial of service\n (system crash) via crafted system calls (bnc#1041431)\n - CVE-2017-1000363: A buffer overflow in kernel commandline handling of\n the "lp" parameter could be used by local console attackers to bypass\n certain secure boot settings. 
(bnc#1039456)\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882)\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879)\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544)\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (NULL pointer\n dereference and system 
crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c (bnc#1030593)\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type (bnc#1029850)\n\n The following non-security bugs were fixed:\n\n - 8250: use callbacks to access UART_DLL/UART_DLM.\n - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).\n - ALSA: hda - Fix regression of HD-audio controller fallback modes\n (bsc#1045538).\n - ALSA: hda - using uninitialized data (bsc#1045538).\n - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop\n (bsc#1045538).\n - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup\n (bsc#1045538).\n - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).\n - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).\n - Add CVE tag to references\n - CIFS: backport prepath matching fix (bsc#799133).\n - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).\n - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().\n - Fix scripts/bigmem-generate-ifdef-guard to work on all branches\n - Fix soft lockup in svc_rdma_send (bsc#1044854).\n - IB/mlx4: Demote mcg message from warning to debug (bsc#919382).\n - IB/mlx4: Fix ib device initialization error flow (bsc#919382).\n - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).\n - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).\n - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level\n (bsc#919382).\n - IB/mlx4: Set traffic class in AH (bsc#919382).\n - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE\n operation (bsc#1036288).\n - Input: cm109 - validate number of endpoints before using them\n (bsc#1037193).\n - Input: hanwang - validate number of 
endpoints before using them\n (bsc#1037232).\n - Input: yealink - validate number of endpoints before using them\n (bsc#1037227).\n - KEYS: Disallow keyrings beginning with '.' to be joined as session\n keyrings (bnc#1035576).\n - NFS: Avoid getting confused by confused server (bsc#1045416).\n - NFS: Fix another OPEN_DOWNGRADE bug (git-next).\n - NFS: Fix size of NFSACL SETACL operations (git-fixes).\n - NFS: Make nfs_readdir revalidate less often (bsc#1048232).\n - NFS: tidy up nfs_show_mountd_netid (git-fixes).\n - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688\n bsc#1051770).\n - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).\n - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).\n - NFSv4: Fix problems with close in the presence of a delegation\n (git-fixes).\n - NFSv4: Fix the underestimation of delegation XDR space reservation\n (git-fixes).\n - NFSv4: fix getacl head length estimation (git-fixes).\n - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).\n - Remove superfluous make flags (bsc#1012422)\n - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).\n - Revert "math64: New div64_u64_rem helper" (bnc#938352).\n - SUNRPC: Fix a memory leak in the backchannel code (git-fixes).\n - Staging: vt6655-6: potential NULL dereference in\n hostap_disable_hostapd() (bsc#1045479).\n - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).\n - USB: class: usbtmc: do not print error when allocating urb fails\n (bsc#1036288).\n - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).\n - USB: iowarrior: fix NULL-deref in write (bsc#1037359).\n - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).\n - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).\n - USB: serial: ark3116: fix register-accessor error handling (git-fixes).\n - USB: serial: ch341: fix open error handling (bsc#1037441).\n - USB: serial: cp210x: fix 
tiocmget error handling (bsc#1037441).\n - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).\n - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).\n - USB: serial: io_ti: fix information leak in completion handler\n (git-fixes).\n - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).\n - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).\n - USB: serial: sierra: fix bogus alternate-setting assumption\n (bsc#1037441).\n - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).\n - USB: usbip: fix nonconforming hub descriptor (bsc#1047487).\n - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).\n - USB: usbtmc: Change magic number to constant (bsc#1036288).\n - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).\n - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).\n - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).\n - USB: usbtmc: add missing endpoint sanity check (bsc#1036288).\n - USB: usbtmc: fix DMA on stack (bsc#1036288).\n - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).\n - USB: usbtmc: fix probe error path (bsc#1036288).\n - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk\n (bsc#1036288).\n - USB: wusbcore: fix NULL-deref at probe (bsc#1045487).\n - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).\n - Use make --output-sync feature when available (bsc#1012422).\n - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).\n - __bitmap_parselist: fix bug in empty string handling (bnc#1042633).\n - acpi: Disable APEI error injection if securelevel is set (bsc#972891,\n bsc#1023051).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - ath9k: fix buffer overrun for ar9287 (bsc#1045538).\n - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU\n (bsc#1035721).\n - blacklist.conf: Add a few 
inapplicable items (bsc#1045538).\n - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub\n to weak to prevent gcc from using short jumps to it') The released\n kernels are not built with a gas new enough to optimize the jmps so that\n this patch would be required. (bsc#1051478)\n - blkback/blktap: do not leak stack data via response ring (bsc#1042863\n XSA-216).\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - block: fix ext_dev_lock lockdep report (bsc#1050154).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - cifs: Timeout on SMBNegotiate request (bsc#1044913).\n - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode\n numbers are in use (bsc#1041975). backporting upstream commit\n 2f2591a34db6c9361faa316c91a6e320cb4e6aee\n - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).\n - cputime: Avoid multiplication overflow on utime scaling (bnc#938352).\n - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863).\n - decompress_bunzip2: off by one in get_next_block() (git-fixes).\n - dentry name snapshots (bsc#1049483).\n - devres: fix a for loop bounds check (git-fixes).\n - dm: fix ioctl retry termination with signal (bsc#1050154).\n - drm/mgag200: Add support for G200eH3 (bnc#1044216)\n - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,\n bsc#995542).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: fix fdatasync(2) after extent manipulation operations\n (bsc#1013018).\n - ext4: keep existing extra fields when inode expands (bsc#1013018).\n - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).\n - firmware: fix directory creation rule matching with make 3.80\n (bsc#1012422).\n - firmware: fix directory creation rule matching with make 3.82\n (bsc#1012422).\n - fixed
invalid assignment of 64bit mask to host dma_boundary for scatter\n gather segment boundary limit (bsc#1042045).\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n - fnic: Using rport->dd_data to check rport online instead of rport_lookup\n (bsc#1035920).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr\n (bsc#1013018).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fuse: add missing FR_FORCE (bsc#1013018).\n - genirq: Prevent proc race against freeing of irq descriptors\n (bnc#1044230).\n - hrtimer: Allow concurrent hrtimer_start() for self restarting timers\n (bnc#1013018).\n - initial cr0 bits (bnc#1036056, LTC#153612).\n - ipmr, ip6mr: fix scheduling while atomic and a deadlock with\n ipmr_get_route (git-fixes).\n - irq: Fix race condition (bsc#1042615).\n - isdn/gigaset: fix NULL-deref at probe (bsc#1037356).\n - isofs: Do not return EACCES for unknown filesystems (bsc#1013018).\n - jsm: add support for additional Neo cards (bsc#1045615).\n - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)\n - libata: fix sff host state machine locking while polling (bsc#1045525).\n - libceph: NULL deref on crush_decode() error path (bsc#1044015).\n - libceph: potential NULL dereference in ceph_msg_data_create()\n (bsc#1051515).\n - libfc: fixup locking in fc_disc_stop() (bsc#1029140).\n - libfc: move 'pending' and 'requested' setting (bsc#1029140).\n - libfc: only restart discovery after timeout if not already running\n (bsc#1029140).\n - locking/rtmutex: Prevent dequeue vs. 
unlock race (bnc#1013018).\n - math64: New div64_u64_rem helper (bnc#938352).\n - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).\n - md/raid1: extend spinlock to protect raid1_end_read_request against\n inconsistencies (git-fixes).\n - md/raid1: fix test for 'was read error from last working device'\n (git-fixes).\n - md/raid5: Fix CPU hotplug callback registration (git-fixes).\n - md/raid5: do not record new size if resize_stripes fails (git-fixes).\n - md: ensure md devices are freed before module is unloaded (git-fixes).\n - md: fix a null dereference (bsc#1040351).\n - md: flush ->event_work before stopping array (git-fixes).\n - md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status\n (git-fixes).\n - md: use separate bio_pool for metadata writes (bsc#1040351).\n - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).\n - mlx4: reduce OOM risk on arches with large pages (bsc#919382).\n - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM\n Functionality, bsc#1042832).\n - mm/memory-failure.c: use compound_head() flags for huge pages\n (bnc#971975 VM -- git fixes).\n - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM\n Functionality, bsc#1042832).\n - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore\n (bsc#1045547).\n - mmc: ushc: fix NULL-deref at probe (bsc#1037191).\n - module: fix memory leak on early load_module() failures (bsc#1043014).\n - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).\n - net/mlx4: Fix the check in attaching steering rules (bsc#919382).\n - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode\n to device managed flow steering (bsc#919382).\n - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV\n (bsc#919382).\n - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to\n physical (bsc#919382).\n - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on\n new 
probed PFs (bsc#919382).\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to\n VGT transitions (bsc#919382).\n - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).\n - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs\n (bsc#919382).\n - net/mlx4_core: Use-after-free causes a resource leak in flow-steering\n detach (bsc#919382).\n - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).\n - net/mlx4_en: Change the error print to debug print (bsc#919382).\n - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).\n - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).\n - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).\n - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).\n - net: avoid reference counter overflows on fib_rules in multicast\n forwarding (git-fixes).\n - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).\n - netxen_nic: set rcode to the return status from the call to\n netxen_issue_cmd (bnc#784815).\n - nfs: fix nfs_size_to_loff_t (git-fixes).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).\n - perf/core: Fix event inheritance on fork() (bnc#1013018).\n - powerpc/ibmebus: Fix device reference leaks in sysfs interface\n (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).\n - powerpc/ibmebus: Fix further 
device reference leaks (bsc#1035777\n [2017-04-24] Pending Base Kernel Fixes).\n - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()\n (bsc#1032471).\n - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).\n - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).\n - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID\n (bsc#1032471).\n - powerpc/mm/hash: Support 68 bit VA (bsc#1032471).\n - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).\n - powerpc/mm/slice: Convert slice_mask high slice to a bitmap\n (bsc#1032471).\n - powerpc/mm/slice: Fix off-by-1 error when computing slice mask\n (bsc#1032471).\n - powerpc/mm/slice: Move slice_mask struct definition to slice.c\n (bsc#1032471).\n - powerpc/mm/slice: Update slice mask printing to use bitmap printing\n (bsc#1032471).\n - powerpc/mm/slice: Update the function prototype (bsc#1032471).\n - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET\n (bsc#928138).\n - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small\n (bsc#1032471).\n - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital\n (bsc#1032471).\n - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777\n [2017-04-24] Pending Base Kernel Fixes).\n - powerpc/pseries: Release DRC when configure_connector fails\n (bsc#1035777, Pending Base Kernel Fixes).\n - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).\n - powerpc: Remove STAB code (bsc#1032471).\n - random32: fix off-by-one in seeding requirement (git-fixes).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).\n - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).\n - s390/qdio: clear DSCI prior to scanning multiple input queues\n (bnc#1046715, LTC#156234).\n - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).\n - s390/qeth: size calculation outbound buffers 
(bnc#1046715, LTC#156276).\n - sched/core: Remove false-positive warning from wake_up_process()\n (bnc#1044882).\n - sched/cputime: Do not scale when utime == 0 (bnc#938352).\n - sched/debug: Print the scheduler topology group mask (bnc#1013018).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).\n - sched/fair: Fix min_vruntime tracking (bnc#1013018).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep\n for b60205c7c558 sched/fair: Fix min_vruntime tracking\n - sched/topology: Fix building of overlapping sched-groups (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_mask (bnc#1013018).\n - sched/topology: Move comment about asymmetric node setups (bnc#1013018).\n - sched/topology: Optimize build_group_mask() (bnc#1013018).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1013018).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1013018).\n - sched: Always initialize cpu-power (bnc#1013018).\n - sched: Avoid cputime scaling overflow (bnc#938352).\n - sched: Avoid prev->stime underflow (bnc#938352).\n - sched: Do not account bogus utime (bnc#938352).\n - sched: Fix SD_OVERLAP (bnc#1013018).\n - sched: Fix domain iteration (bnc#1013018).\n - sched: Lower chances of cputime scaling overflow (bnc#938352).\n - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'\n (bnc#1013018). 
Prep for b60205c7c558 sched/fair: Fix min_vruntime\n tracking\n - sched: Rename a misleading variable in build_overlap_sched_groups()\n (bnc#1013018).\n - sched: Use swap() macro in scale_stime() (bnc#938352).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: fix race between simultaneous decrements of ->host_failed\n (bsc#1050154).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: mvsas: fix command_active typo (bsc#1050154).\n - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init\n (bsc#1050154).\n - sfc: do not device_attach if a reset is pending (bsc#909618).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - splice: Stub splice_write_to_file (bsc#1043234).\n - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).\n - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).\n - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).\n - udf: Fix races with i_size changes during readpage (bsc#1013018).\n - usbtmc: remove redundant braces (bsc#1036288).\n - usbtmc: remove trailing spaces (bsc#1036288).\n - usbvision: fix NULL-deref at probe (bsc#1050431).\n - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).\n - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).\n - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).\n - vmxnet3: avoid calling pskb_may_pull with interrupts disabled\n (bsc#1045356).\n - vmxnet3: fix checks for dma mapping errors (bsc#1045356).\n - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).\n - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates\n (bsc#948562).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression\n greater than 0 (bsc#1051478).\n - xen: avoid deadlock 
in xenbus (bnc#1047523).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).\n - xfs: Synchronize xfs_buf disposal routines (bsc#1041160).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).\n\n", "cvss3": {}, "published": "2017-09-08T18:09:08", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-10277", "CVE-2017-11176", "CVE-2017-1000380", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-7533", "CVE-2017-8924", "CVE-2017-7482", "CVE-2014-9922", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-8925", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-1000365", "CVE-2017-8890"], "modified": "2017-09-08T18:09:08", "id": "SUSE-SU-2017:2389-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00017.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-13T16:48:28", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. 
(bnc#1039354).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a read and an ioctl\n happen at the same time (bnc#1044125).\n - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate certain levels data, which allowed local users to cause a\n denial of service (system hang) via a crafted ioctl call for a\n /dev/dri/renderD* device (bnc#1031796).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid 
option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow. (bsc#1038982)\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling. (bsc#1038981)\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the\n Linux kernel did not make the allow_ptr_leaks value available for\n restricting the output of the print_bpf_insn function, which allowed\n local users to obtain sensitive address information via crafted bpf\n system calls (bnc#1040279).\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to\n cause a denial of service (API operation calling its own callback, and\n infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in 
the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bnc#1033336).\n\n The following non-security bugs were fixed:\n\n - 9p: fix a potential acl leak (4.4.68 stable queue).\n - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal\n (bsc#1031717).\n - acpi / scan: Drop support for force_remove (bnc#1029607).\n - ahci: disable correct irq for dummy ports (bsc#1040125).\n - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68\n stable queue).\n - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2\n mode (4.4.68 stable queue).\n - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable\n queue).\n - ASoC: Intel: Skylake: Uninitialized variable in probe_codec()\n (bsc#1043231).\n - ASoC: rt5640: use msleep() for long delays (bsc#1031717).\n - ASoC: sti: Fix error handling if of_clk_get() fails (bsc#1031717).\n - bcache: fix calling ida_simple_remove() with incorrect minor\n (bsc#1038085).\n - block: copy NOMERGE flag from bio to request (bsc#1030070).\n - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue).\n - bna: add missing per queue ethtool stat (bsc#966321).\n - bna: avoid writing uninitialized data into hw registers (bsc#966321).\n - bna: integer overflow bug in debugfs (bsc#966321).\n - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412\n FATE#321671).\n - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal\n (bsc#1042286).\n - bonding: do not use stale speed and duplex information (bsc#1042286).\n - bonding: prevent out of bound accesses (bsc#1042286).\n - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable\n queue).\n - brcmfmac: add fallback for devices that do not report per-chain values\n (bsc#1043231).\n - brcmfmac: avoid writing channel out of allocated array (bsc#1043231).\n - brcmfmac: Ensure pointer correctly set if skb data 
location changes\n (4.4.68 stable queue).\n - brcmfmac: Make skb header writable before use (4.4.68 stable queue).\n - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717).\n - btrfs: add a flags field to btrfs_fs_info (bsc#1012452).\n - btrfs: add ASSERT for block group's memory leak (bsc#1012452).\n - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452).\n - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452).\n - btrfs: add check to sysfs handler of label (bsc#1012452).\n - btrfs: add dynamic debug support (bsc#1012452).\n - btrfs: add error handling for extent buffer in print tree (bsc#1012452).\n - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452).\n - btrfs: add missing check for writeback errors on fsync (bsc#1012452).\n - btrfs: add more validation checks for superblock (bsc#1012452).\n - btrfs: Add ratelimit to btrfs printing (bsc#1012452).\n - btrfs: add read-only check to sysfs handler of features (bsc#1012452).\n - btrfs: add semaphore to synchronize direct IO writes with fsync\n (bsc#1012452).\n - btrfs: add tracepoint for adding block groups (bsc#1012452).\n - btrfs: add tracepoints for flush events (bsc#1012452).\n - btrfs: add transaction space reservation tracepoints (bsc#1012452).\n - btrfs: add validadtion checks for chunk loading (bsc#1012452).\n - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452).\n - btrfs: allow balancing to dup with multi-device (bsc#1012452).\n - btrfs: always reserve metadata for delalloc extents (bsc#1012452).\n - btrfs: always use trans->block_rsv for orphans (bsc#1012452).\n - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452).\n - btrfs: avoid deadlocks during reservations in btrfs_truncate_block\n (bsc#1012452).\n - btrfs: avoid overflowing f_bfree (bsc#1012452).\n - btrfs: avoid uninitialized variable warning (bsc#1012452).\n - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452).\n - btrfs: 
__btrfs_buffered_write: Pass valid file offset when releasing\n delalloc space (bsc#1012452).\n - btrfs: __btrfs_buffered_write: Reserve/release extents aligned to block\n size (bsc#1012452).\n - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452).\n - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined\n (bsc#1012452).\n - btrfs: btrfs_ioctl_clone: Truncate complete page after performing clone\n operation (bsc#1012452).\n - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized units\n (bsc#1012452).\n - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction\n (bsc#1012452).\n - btrfs: btrfs_submit_direct_hook: Handle map_length < bio vector length\n (bsc#1012452).\n - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452).\n - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup()\n (bsc#1012452).\n - btrfs: change delayed reservation fallback behavior (bsc#1012452).\n - btrfs: change how we calculate the global block rsv (bsc#1012452).\n - btrfs: change how we update the global block rsv (bsc#1012452).\n - btrfs: check btree node's nritems (bsc#1012452).\n - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452).\n - btrfs: check inconsistence between chunk and block group (bsc#1012452).\n - btrfs: check reserved when deciding to background flush (bsc#1012452).\n - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452).\n - btrfs: Clean pte corresponding to page straddling i_size (bsc#1012452).\n - btrfs: clean the old superblocks before freeing the device (bsc#1012452).\n - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452).\n - btrfs: cleanup assigning next active device with a check (bsc#1012452).\n - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452).\n - btrfs: Cleanup compress_file_range() (bsc#1012452).\n - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452).\n - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452).\n 
- btrfs: clone: use vmalloc only as fallback for nodesize bufer (bsc#1012452).
- btrfs: Compute and look up csums based on sectorsized blocks (bsc#1012452).
- btrfs: convert nodesize macros to static inlines (bsc#1012452).
- btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452).
- btrfs: convert pr_* to btrfs_* where possible (bsc#1012452).
- btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452).
- btrfs: copy_to_sk drop unused root parameter (bsc#1012452).
- btrfs: create a helper function to read the disk super (bsc#1012452).
- btrfs: create example debugfs file only in debugging build (bsc#1012452).
- btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452).
- btrfs: create helper function __check_raid_min_devices() (bsc#1012452).
- btrfs: csum_tree_block: return proper errno value (bsc#1012452).
- btrfs: detect corruption when non-root leaf has zero item (bsc#1012452).
- btrfs: device add and remove: use GFP_KERNEL (bsc#1012452).
- btrfs: Direct I/O read: Work on sectorsized blocks (bsc#1012452).
- btrfs: disable possible cause of premature ENOSPC (bsc#1040182)
- btrfs: divide btrfs_update_reserved_bytes() into two functions (bsc#1012452).
- btrfs: do not background blkdev_put() (bsc#1012452).
- btrfs: do not bother kicking async if there's nothing to reclaim (bsc#1012452).
- btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452).
- btrfs: do not create empty block group if we have allocated data (bsc#1012452).
- btrfs: do not decrease bytes_may_use when replaying extents (bsc#1012452).
- btrfs: do not do nocow check unless we have to (bsc#1012452).
- btrfs: do not do unnecessary delalloc flushes when relocating (bsc#1012452).
- btrfs: do not force mounts to wait for cleaner_kthread to delete one or more subvolumes (bsc#1012452).
- btrfs: do not wait for unrelated IO to finish before relocation (bsc#1012452).
- btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1035866).
- btrfs: do not write corrupted metadata blocks to disk (bsc#1012452).
- btrfs: end transaction if we abort when creating uuid root (bsc#1012452).
- btrfs: enhance btrfs_find_device_by_user_input() to check device path (bsc#1012452).
- btrfs: error out if generic_bin_search get invalid arguments (bsc#1012452).
- btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize (bsc#1012452).
- btrfs: extend btrfs_set_extent_delalloc and its friends to support in-band dedupe and subpage size patchset (bsc#1012452).
- btrfs: extent same: use GFP_KERNEL for page array allocations (bsc#1012452).
- btrfs: fallback to vmalloc in btrfs_compare_tree (bsc#1012452).
- btrfs: fallocate: use GFP_KERNEL (bsc#1012452).
- btrfs: fallocate: Work with sectorsized blocks (bsc#1012452).
- btrfs: fill relocation block rsv after allocation (bsc#1012452).
- btrfs: fix an integer overflow check (bsc#1012452).
- btrfs: fix a possible umount deadlock (bsc#1012452).
- btrfs: Fix block size returned to user space (bsc#1012452).
- btrfs: fix btrfs_no_printk stub helper (bsc#1012452).
- btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452).
- btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452).
- btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452).
- btrfs: fix build warning (bsc#1012452).
- btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452).
- btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452).
- btrfs: fix check_shared for fiemap ioctl (bsc#1037177).
- btrfs: fix crash when tracepoint arguments are freed by wq callbacks (bsc#1012452).
- btrfs: fix data loss after truncate when using the no-holes feature (bsc#1036214).
- btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452).
- btrfs: fix delalloc accounting after copy_from_user faults (bsc#1012452).
- btrfs: fix delalloc reservation amount tracepoint (bsc#1012452).
- btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452).
- btrfs: fix divide error upon chunk's stripe_len (bsc#1012452).
- btrfs: fix double free of fs root (bsc#1012452).
- btrfs: fix eb memory leak due to readpage failure (bsc#1012452).
- btrfs: fix em leak in find_first_block_group (bsc#1012452).
- btrfs: fix emptiness check for dirtied extent buffers at check_leaf() (bsc#1012452).
- btrfs: fix error handling in map_private_extent_buffer (bsc#1012452).
- btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452).
- btrfs: fix extent_same allowing destination offset beyond i_size (bsc#1012452).
- btrfs: fix free space calculation in dump_space_info() (bsc#1012452).
- btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452).
- btrfs: fix fspath error deallocation (bsc#1012452).
- btrfs: fix handling of faults from btrfs_copy_from_user (bsc#1012452).
- btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452).
- btrfs: Fix integer overflow when calculating bytes_per_bitmap (bsc#1012452).
- btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395).
- btrfs: fix invalid reference in replace_path (bsc#1012452).
- btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1012452).
- btrfs: fix lockdep deadlock warning due to dev_replace (bsc#1012452).
- btrfs: fix lock dep warning, move scratch dev out of device_list_mutex and uuid_mutex (bsc#1012452).
- btrfs: fix lock dep warning move scratch super outside of chunk_mutex (bsc#1012452).
- btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452).
- btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452).
- btrfs: fix memory leak of block group cache (bsc#1012452).
- btrfs: fix memory leak of reloc_root (bsc#1012452).
- btrfs: fix mixed block count of available space (bsc#1012452).
- btrfs: fix one bug that process may endlessly wait for ticket in wait_reserve_ticket() (bsc#1012452).
- btrfs: fix panic in balance due to EIO (bsc#1012452).
- btrfs: fix race between block group relocation and nocow writes (bsc#1012452).
- btrfs: fix race between device replace and block group removal (bsc#1012452).
- btrfs: fix race between device replace and chunk allocation (bsc#1012452).
- btrfs: fix race between device replace and discard (bsc#1012452).
- btrfs: fix race between device replace and read repair (bsc#1012452).
- btrfs: fix race between fsync and direct IO writes for prealloc extents (bsc#1012452).
- btrfs: fix race between readahead and device replace/removal (bsc#1012452).
- btrfs: fix race setting block group back to RW mode during device replace (bsc#1012452).
- btrfs: fix race setting block group readonly during device replace (bsc#1012452).
- btrfs: fix read_node_slot to return errors (bsc#1012452).
- btrfs: fix release reserved extents trace points (bsc#1012452).
- btrfs: fix segmentation fault when doing dio read (bsc#1040425).
- btrfs: Fix slab accounting flags (bsc#1012452).
- btrfs: fix truncate_space_check (bsc#1012452).
- btrfs: fix unexpected return value of fiemap (bsc#1012452).
- btrfs: fix unprotected assignment of the left cursor for device replace (bsc#1012452).
- btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452).
- btrfs: flush_space: treat return value of do_chunk_alloc properly (bsc#1012452).
- btrfs: Force stripesize to the value of sectorsize (bsc#1012452).
- btrfs: free sys_array eb as soon as possible (bsc#1012452).
- btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452).
- btrfs: Handle uninitialised inode eviction (bsc#1012452).
- btrfs: hide test-only member under ifdef (bsc#1012452).
- btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452).
- btrfs: Improve FL_KEEP_SIZE handling in fallocate (bsc#1012452).
- btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452).
- btrfs: introduce device delete by devid (bsc#1012452).
- btrfs: introduce raid-type to error-code table, for minimum device constraint (bsc#1012452).
- btrfs: introduce ticketed enospc infrastructure (bsc#1012452).
- btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress (bsc#1012452).
- btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452).
- btrfs: kill BUG_ON in do_relocation (bsc#1012452).
- btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452).
- btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452).
- btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452).
- btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452).
- btrfs: kill unused writepage_io_hook callback (bsc#1012452).
- btrfs: let callers of btrfs_alloc_root pass gfp flags (bsc#1012452).
- btrfs: Limit inline extents to root->sectorsize (bsc#1012452).
- btrfs: make find_workspace always succeed (bsc#1012452).
- btrfs: make find_workspace warn if there are no workspaces (bsc#1012452).
- btrfs: make mapping->writeback_index point to the last written page (bsc#1012452).
- btrfs: make state preallocation more speculative in __set_extent_bit (bsc#1012452).
- btrfs: make sure device is synced before return (bsc#1012452).
- btrfs: make sure we stay inside the bvec during __btrfs_lookup_bio_sums (bsc#1012452).
- btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452).
- btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device() (bsc#1012452).
- btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).
- btrfs: memset to avoid stale content in btree leaf (bsc#1012452).
- btrfs: memset to avoid stale content in btree node block (bsc#1012452).
- btrfs: move error handling code together in ctree.h (bsc#1012452).
- btrfs: optimize check for stale device (bsc#1012452).
- btrfs: Output more info for enospc_debug mount option (bsc#1012452).
- btrfs: parent_start initialization cleanup (bsc#1012452).
- btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452).
- btrfs: pass number of devices to btrfs_check_raid_min_devices (bsc#1012452).
- btrfs: pass the right error code to the btrfs_std_error (bsc#1012452).
- btrfs: preallocate compression workspaces (bsc#1012452).
- btrfs: Print Warning only if ENOSPC_DEBUG is enabled (bsc#1012452).
- btrfs: Ratelimit "no csum found" info message (bsc#1012452).
- btrfs: reada: add all reachable mirrors into reada device list (bsc#1012452).
- btrfs: reada: Add missed segment checking in reada_find_zone (bsc#1012452).
- btrfs: reada: Avoid many times of empty loop (bsc#1012452).
- btrfs: reada: avoid undone reada extents in btrfs_reada_wait (bsc#1012452).
- btrfs: reada: bypass adding extent when all zone failed (bsc#1012452).
- btrfs: reada: Fix a debug code typo (bsc#1012452).
- btrfs: reada: Fix in-segment calculation for reada (bsc#1012452).
- btrfs: reada: ignore creating reada_extent for a non-existent device (bsc#1012452).
- btrfs: reada: Jump into cleanup in direct way for __readahead_hook() (bsc#1012452).
- btrfs: reada: limit max works count (bsc#1012452).
- btrfs: reada: Move is_need_to_readahead contition earlier (bsc#1012452).
- btrfs: reada: move reada_extent_put to place after __readahead_hook() (bsc#1012452).
- btrfs: reada: Pass reada_extent into __readahead_hook directly (bsc#1012452).
- btrfs: reada: reduce additional fs_info->reada_lock in reada_find_zone (bsc#1012452).
- btrfs: reada: Remove level argument in severial functions (bsc#1012452).
- btrfs: reada: simplify dev->reada_in_flight processing (bsc#1012452).
- btrfs: reada: Use fs_info instead of root in __readahead_hook's argument (bsc#1012452).
- btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452).
- btrfs: readdir: use GFP_KERNEL (bsc#1012452).
- btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452).
- btrfs: Refactor btrfs_lock_cluster() to kill compiler warning (bsc#1012452).
- btrfs: remove BUG() in raid56 (bsc#1012452).
- btrfs: remove BUG_ON in start_transaction (bsc#1012452).
- btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452).
- btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452).
- btrfs: remove redundant error check (bsc#1012452).
- btrfs: remove save_error_info() (bsc#1012452).
- btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf (bsc#1012452).
- btrfs: remove unused function btrfs_assert() (bsc#1012452).
- btrfs: rename and document compression workspace members (bsc#1012452).
- btrfs: rename btrfs_find_device_by_user_input (bsc#1012452).
- btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452).
- btrfs: rename __check_raid_min_devices (bsc#1012452).
- btrfs: rename flags for vol args v2 (bsc#1012452).
- btrfs: reorg btrfs_close_one_device() (bsc#1012452).
- btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452).
- btrfs: Reset IO error counters before start of device replacing (bsc#1012452).
- btrfs: reuse existing variable in scrub_stripe, reduce stack usage (bsc#1012452).
- btrfs: Round down values which are written for total_bytes_size (bsc#1043912).
- btrfs: s_bdev is not null after missing replace (bsc#1012452).
- btrfs: scrub: Set bbio to NULL before calling btrfs_map_block (bsc#1012452).
- btrfs: scrub: use GFP_KERNEL on the submission path (bsc#1012452).
- btrfs: Search for all ordered extents that could span across a page (bsc#1012452).
- btrfs: send: silence an integer overflow warning (bsc#1012452).
- btrfs: send: use GFP_KERNEL everywhere (bsc#1012452).
- btrfs: send: use temporary variable to store allocation size (bsc#1012452).
- btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452).
- btrfs: send: use vmalloc only as fallback for clone_sources_tmp (bsc#1012452).
- btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452).
- btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452).
- btrfs: Simplify conditions about compress while mapping btrfs flags to inode flags (bsc#1012452).
- btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452).
- btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452).
- btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452).
- btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452).
- btrfs: sink gfp parameter to set_extent_bits (bsc#1012452).
- btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452).
- btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452).
- btrfs: sink gfp parameter to set_extent_new (bsc#1012452).
- btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452).
- btrfs: skip commit transaction if we do not have enough pinned bytes (bsc#1037186).
- btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452).
- btrfs: switch to common message helpers in open_ctree, adjust messages (bsc#1012452).
- btrfs: switch to kcalloc in btrfs_cmp_data_prepare (bsc#1012452).
- btrfs: sysfs: protect reading label by lock (bsc#1012452).
- btrfs: trace pinned extents (bsc#1012452).
- btrfs: track transid for delayed ref flushing (bsc#1012452).
- btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452).
- btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452).
- btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452).
- btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452).
- btrfs: uapi/linux/btrfs.h migration, move struct btrfs_ioctl_defrag_range_args (bsc#1012452).
- btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452).
- btrfs: uapi/linux/btrfs_tree.h migration, item types and defines (bsc#1012452).
- btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452).
- btrfs: unsplit printed strings (bsc#1012452).
- btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452).
- btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452).
- btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452).
- btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452).
- btrfs: Use correct format specifier (bsc#1012452).
- btrfs: use correct offset for reloc_inode in prealloc_file_extent_cluster() (bsc#1012452).
- btrfs: use dynamic allocation for root item in create_subvol (bsc#1012452).
- btrfs: Use (eb->start, seq) as search key for tree modification log (bsc#1012452).
- btrfs: use existing device constraints table btrfs_raid_array (bsc#1012452).
- btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes (bsc#1012452).
- btrfs: use fs_info directly (bsc#1012452).
- btrfs: use new error message helper in qgroup_account_snapshot (bsc#1012452).
- btrfs: use proper type for failrec in extent_state (bsc#1012452).
- btrfs: use root when checking need_async_flush (bsc#1012452).
- btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452).
- btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452).
- btrfs: warn_on for unaccounted spaces (bsc#1012452).
- ceph: check i_nlink while converting a file handle to dentry (bsc#1039864).
- ceph: Check that the new inode size is within limits in ceph_fallocate() (bsc#1037969).
- ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).
- ceph: fix file open flags on ppc64 (bsc#1022266).
- ceph: fix memory leak in __ceph_setxattr() (bsc#1036763).
- ceph: fix potential use-after-free (bsc#1043371).
- ceph: fix recursively call between ceph_set_acl and __ceph_setattr (bsc#1034902).
- ceph: memory leak in ceph_direct_read_write callback (bsc#1041810).
- cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode (bsc#1012829).
- cgroup: remove redundant cleanup in css_create (bsc#1012829).
- cifs: backport prepath matching fix (bsc#799133).
- cifs: small underflow in cnvrtDosUnixTm() (bnc#1043935).
- clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue).
- cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores (4.4.68 stable queue).
- crypto: algif_aead - Require setkey before accept(2) (bsc#1031717).
- crypto: sha-mb - Fix load failure (bsc#1037384).
- cxgb4: Add control net_device for configuring PCIe VF (bsc#1021424).
- cxgb4: Add llseek operation for flash debugfs entry (bsc#1021424).
- cxgb4: add new routine to get adapter info (bsc#1021424).
- cxgb4: Add PCI device ID for new adapter (bsc#1021424).
- cxgb4: Add port description for new cards (bsc#1021424).
- cxgb4: Add support to enable logging of firmware mailbox commands (bsc#1021424).
- cxgb4: Check for firmware errors in the mailbox command loop (bsc#1021424).
- cxgb4: correct device ID of T6 adapter (bsc#1021424).
- cxgb4/cxgb4vf: Add set VF mac address support (bsc#1021424).
- cxgb4/cxgb4vf: Allocate more queues for 25G and 100G adapter (bsc#1021424).
- cxgb4/cxgb4vf: Assign netdev->dev_port with port ID (bsc#1021424).
- cxgb4/cxgb4vf: Display 25G and 100G link speed (bsc#1021424).
- cxgb4/cxgb4vf: Remove deprecated module parameters (bsc#1021424).
- cxgb4: DCB message handler needs to use correct portid to netdev mapping (bsc#1021424).
- cxgb4: Decode link down reason code obtained from firmware (bsc#1021424).
- cxgb4: Do not assume FW_PORT_CMD reply is always port info msg (bsc#1021424).
- cxgb4: do not call napi_hash_del() (bsc#1021424).
- cxgb4: Do not sleep when mbox cmd is issued from interrupt context (bsc#1021424).
- cxgb4: Enable SR-IOV configuration via PCI sysfs interface (bsc#1021424).
- cxgb4: Fix issue while re-registering VF mgmt netdev (bsc#1021424).
- cxgb4: MU requested by Chelsio (bsc#1021424).
- cxgb4: Properly decode port module type (bsc#1021424).
- cxgb4: Refactor t4_port_init function (bsc#1021424).
- cxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled (bsc#1021424).
- cxgb4: Support compressed error vector for T6 (bsc#1021424).
- cxgb4: Synchronize access to mailbox (bsc#1021424).
- cxgb4: update latest firmware version supported (bsc#1021424).
- dell-laptop: Adds support for keyboard backlight timeout AC settings (bsc#1013561).
- Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500).
- dmaengine: dw: fix typo in Kconfig (bsc#1031717).
- dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125).
- dm-mpath: fix race window in do_end_io() (bsc#1011044).
- dm: remove dummy dm_table definition (bsc#1045307)
- dm round robin: do not use this_cpu_ptr() without having preemption disabled (bsc#1040125).
- dm verity fec: fix block calculation (bsc#1040125).
- dm verity fec: fix bufio leaks (bsc#1040125).
- dm verity fec: limit error correction recursion (bsc#1040125).
- drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments (bsc#1031717).
- Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (fate#320485, bsc#1023287, bsc#1028217).
- drivers/tty: 8250: only call fintek_8250_probe when doing port I/O (bsc#1031717).
- drm/i915: Disable tv output on i9x5gm (bsc#1039700).
- drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error (bsc#1031717).
- drm/i915: Fix mismatched INIT power domain disabling during suspend (bsc#1031717).
- drm/i915: Introduce Kabypoint PCH for Kabylake H/DT (bsc#1032581).
- drm/i915: Nuke debug messages from the pipe update critical section (bsc#1031717).
- drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717).
- drm/i915: relax uncritical udelay_range() (bsc#1031717).
- drm/i915: relax uncritical udelay_range() settings (bsc#1031717).
- drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl (bsc#1040463).
- drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542).
- drm/nouveau/tmr: fully separate alarm execution/pending lists (bsc#1043467).
- drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable queue).
- e1000e: Do not return uninitialized stats (bug#1034635).
- efi: Do not issue error message when booted under Xen (bnc#1036638).
- enic: set skb->hash type properly (bsc#922871 fate#318754).
- ext4: fix data corruption for mmap writes (bsc#1012829).
- ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO (bsc#1012829).
- ext4: fix use-after-iput when fscrypt contexts are inconsistent (bsc#1012829).
- f2fs: fix bad prefetchw of NULL page (bsc#1012829).
- f2fs: sanity check segment count (4.4.68 stable queue).
- Fix kabi after adding new field to struct mddev (bsc#1040351).
- Fix soft lockup in svc_rdma_send (bsc#1044854).
- fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
- fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes).
- fs: fix data invalidation in the cleancache during direct IO (git-fixes).
- fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).
- ftrace: Make ftrace_location_range() global (FATE#322421).
- fuse: fix clearing suid, sgid for chown() (bsc#1012829).
- hpsa: limit transfer length to 1MB (bsc#1025461).
- hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).
- ib/addr: Fix setting source address in addr6_resolve() (bsc#1044082).
- ib/core: Fix kernel crash during fail to initialize device (bsc#1022595).
- ib/core: For multicast functions, verify that LIDs are multicast LIDs (bsc#1022595).
- ib/core: If the MGID/MLID pair is not on the list return an error (bsc#1022595).
- ib/ipoib: Fix deadlock between ipoib_stop and mcast join flow (bsc#1022595).
- ib/ipoib: Fix memory leak in create child syscall (bsc#1022595).
- ib/mlx5: Assign DSCP for R-RoCE QPs Address Path (bsc#966170 bsc#966172 bsc#966191).
- ib/mlx5: Check supported flow table size (bsc#966170 bsc#966172 bsc#966191).
- ib/mlx5: Enlarge autogroup flow table (bsc#966170 bsc#966172 bsc#966191).
- ib/mlx5: Fix kernel to user leak prevention logic (bsc#966170 bsc#966172 bsc#966191).
- ibmvnic: Activate disabled RX buffer pools on reset (bsc#1044767).
- ibmvnic: Add set_link_state routine for setting adapter link state (fate#322021, bsc#1031512).
- ibmvnic: Allocate number of rx/tx buffers agreed on by firmware (fate#322021, bsc#1031512).
- ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021, bsc#1031512).
- ibmvnic: Call napi_disable instead of napi_enable in failure path (fate#322021, bsc#1031512).
- ibmvnic: Check adapter state during ibmvnic_poll (fate#322021, bsc#1040855).
- ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021, bsc#1038297).
- ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512).
- ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297).
- ibmvnic: Client-initiated failover (bsc#1043990).
- ibmvnic: Continue skb processing after skb completion error (fate#322021, bsc#1038297).
- ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512).
- ibmvnic: Correct ibmvnic handling of device open/close (fate#322021, bsc#1031512).
- ibmvnic: Correct return code checking for ibmvnic_init during probe (bsc#1045286).
- ibmvnic: Create init and release routines for the bounce buffer (fate#322021, bsc#1031512).
- ibmvnic: Create init and release routines for the rx pool (fate#322021, bsc#1031512).
- ibmvnic: Create init and release routines for the tx pool (fate#322021, bsc#1031512).
- ibmvnic: Create init/release routines for stats token (fate#322021, bsc#1031512).
- ibmvnic: Deactivate RX pool buffer replenishment on H_CLOSED (fate#322021, bsc#1040855).
- ibmvnic: Delete napi's when releasing driver resources (fate#322021, bsc#1038297).
- ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512).
- ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021, bsc#1031512).
- ibmvnic: driver initialization for kdump/kexec (bsc#1044772).
- ibmvnic: Ensure that TX queues are disabled in __ibmvnic_close (bsc#1044767).
- ibmvnic: Exit polling routine correctly during adapter reset (bsc#1044767).
- ibmvnic: Fix assignment of RX/TX IRQ's (bsc#1046589).
- ibmvnic: Fix cleanup of SKB's on driver close (fate#322021, bsc#1040855).
- ibmvnic: Fix endian errors in error reporting output (fate#322021, bsc#1031512).
- ibmvnic: Fix endian error when requesting device capabilities (fate#322021, bsc#1031512).
- ibmvnic: Fix error handling when registering long-term-mapped buffers (bsc#1045568).
- ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021, bsc#1031512).
- ibmvnic: Fix incorrectly defined ibmvnic_request_map_rsp structure (bsc#1045568).
- ibmvnic: Fix initial MTU settings (bsc#1031512).
- ibmvnic: fix missing unlock on error in __ibmvnic_reset() (fate#322021, bsc#1038297, Fixes: ed651a10875f).
- ibmvnic: Fix overflowing firmware/hardware TX queue (fate#322021, bsc#1031512).
- ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512).
- ibmvnic: Free skb's in cases of failure in transmit (fate#322021, bsc#1031512).
- ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs (fate#322021, bsc#1031512).
- ibmvnic: Halt TX and report carrier off on H_CLOSED return code (fate#322021, bsc#1040855).
- ibmvnic: Handle failover after failed init crq (fate#322021, bsc#1040855).
- ibmvnic: Handle processing of CRQ messages in a tasklet (fate#322021, bsc#1031512).
- ibmvnic: Initialize completion variables before starting work (fate#322021, bsc#1031512).
- ibmvnic: Insert header on VLAN tagged received frame (fate#322021, bsc#1031512).
- ibmvnic: Make CRQ interrupt tasklet wait for all capabilities crqs (fate#322021, bsc#1031512).
- ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021, bsc#1031512).
- ibmvnic: Move ibmvnic adapter intialization to its own routine (fate#322021, bsc#1031512).
- ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021, bsc#1031512).
- ibmvnic: Move initialization of the stats token to ibmvnic_open (fate#322021, bsc#1031512).
- ibmvnic: Move login and queue negotiation into ibmvnic_open (fate#322021, bsc#1031512).
- ibmvnic: Move login to its own routine (fate#322021, bsc#1031512).
- ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021, bsc#1038297).
- ibmvnic: Move resource initialization to its own routine (fate#322021, bsc#1038297).
- ibmvnic: Non-fatal error handling (fate#322021, bsc#1040855).
- ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512).
- ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297).
- ibmvnic: Remove debugfs support (fate#322021, bsc#1031512).
- ibmvnic: Remove inflight list (fate#322021, bsc#1031512).
- ibmvnic: Remove module author mailing address (bsc#1045467).
- ibmvnic: Remove netdev notify for failover resets (bsc#1044120).
- ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512).
- ibmvnic: Remove VNIC_CLOSING check from pending_scrq (bsc#1044767).
- ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297).
- ibmvnic: Report errors when failing to release sub-crqs (fate#322021, bsc#1031512).
- ibmvnic: Reset sub-crqs during driver reset (fate#322021, bsc#1040855).
- ibmvnic: Reset the CRQ queue during driver reset (fate#322021, bsc#1040855).
- ibmvnic: Reset tx/rx pools on driver reset (fate#322021, bsc#1040855).
- ibmvnic: Return failure on attempted mtu change (bsc#1043236).
- ibmvnic: Return from ibmvnic_resume if not in VNIC_OPEN state (bsc#1045235).
- ibmvnic: Sanitize entire SCRQ buffer on reset (bsc#1044767).
- ibmvnic: Send gratuitous arp on reset (fate#322021, bsc#1040855).
- ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512).
- ibmvnic: Split initialization of scrqs to its own routine (fate#322021, bsc#1031512).
- ibmvnic: Track state of adapter napis (fate#322021, bsc#1040855).
- ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512).
- ibmvnic: Updated reset handling (fate#322021, bsc#1038297).
- ibmvnic: Update main crq initialization and release (fate#322021, bsc#1031512).
- ibmvnic: Use common counter for capabilities checks (fate#322021, bsc#1031512).
- ibmvnic: use max_mtu instead of req_mtu for MTU range check (bsc#1031512).
- ibmvnic: Validate napi exist before disabling them (fate#322021, bsc#1031512).
- ibmvnic: Wait for any pending scrqs entries at driver close (fate#322021, bsc#1038297).
- ibmvnic: Whitespace correction in release_rx_pools (fate#322021, bsc#1038297).
- iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717).
- infiniband: avoid dereferencing uninitialized dst on error path (git-fixes).
- iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843).
- iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842).
- iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848).
- iommu: Handle default domain attach failure (bsc#1038846).
- iommu/vt-d: Do not over-free page table directories (bsc#1038847).
- ipv4, ipv6: ensure raw socket message is big enough to hold an IP header (4.4.68 stable queue).
- ipv6: Do not use ufo handling on later transformed packets (bsc#1042286).
- ipv6: fix endianness error in icmpv6_err (bsc#1042286).
- ipv6: initialize route null entry in addrconf_init() (4.4.68 stable queue).
- ipv6: release dst on error in ip6_dst_lookup_tail (git-fixes).
- ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable queue).
- isa: Call isa_bus_init before dependent ISA bus drivers register (bsc#1031717).
- iscsi-target: Return error if unable to add network portal (bsc#1032803).
- iw_cxgb4: Fix error return code in c4iw_rdev_open() (bsc#1026570).
- iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570).
- iwlwifi: 8000: fix MODULE_FIRMWARE input.
- iwlwifi: 9000: increase the number of queues.
- iwlwifi: add device ID for 8265.
- iwlwifi: add device IDs for the 8265 device.
- iwlwifi: add disable_11ac module param.
- iwlwifi: add new 3168 series devices support.
- iwlwifi: add new 8260 PCI IDs.
- iwlwifi: add new 8265.
- iwlwifi: add new 8265 series PCI ID.
- iwlwifi: Add new PCI IDs for 9260 and 5165 series.
- iwlwifi: Add PCI IDs for the new 3168 series.
- iwlwifi: Add PCI IDs for the new series 8165.
- iwlwifi: add support for 12K Receive Buffers.
- iwlwifi: add support for getting HW address from CSR.
- iwlwifi: avoid d0i3 commands when no/init ucode is loaded.
- iwlwifi: bail out in case of bad trans state.
- iwlwifi: block the queues when we send ADD_STA for uAPSD.
- iwlwifi: change the Intel Wireless email address.
- iwlwifi: change the Intel Wireless email address.
- iwlwifi: check for valid ethernet address provided by OEM.
- iwlwifi: clean up transport debugfs handling.
- iwlwifi: clear ieee80211_tx_info->driver_data in the op_mode.
- iwlwifi: Document missing module options.
- iwlwifi: dump prph registers in a common place for all transports.
- iwlwifi: dvm: advertise NETIF_F_SG.
- iwlwifi: dvm: fix compare_const_fl.cocci warnings.
- iwlwifi: dvm: handle zero brightness for wifi LED.
- iwlwifi: dvm: remove a wrong dependency on m.
- iwlwifi: dvm: remove Kconfig default.
- iwlwifi: dvm: remove stray debug code.
- iwlwifi: export the _no_grab version of PRPH IO functions.
- iwlwifi: expose fw usniffer mode to more utilities.
- iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000.
- iwlwifi: Fix firmware name maximum length definition.
- iwlwifi: fix name of ucode loaded for 8265 series.
- iwlwifi: fix printf specifier.
- iwlwifi: generalize d0i3_entry_timeout module parameter.
- iwlwifi: mvm: adapt the firmware assert log to new firmware.
- iwlwifi: mvm: add 9000-series RX API.
- iwlwifi: mvm: add 9000 series RX processing.
- iwlwifi: mvm: add a non-trigger window to fw dbg triggers.
- iwlwifi: mvm: add an option to start rs from HT/VHT rates.
- iwlwifi: mvm: Add a station in monitor mode.
- iwlwifi: mvm: add bt rrc and ttc to debugfs.
- iwlwifi: mvm: add bt settings to debugfs.
- iwlwifi: mvm: add ctdp operations to debugfs.
- iwlwifi: mvm: add CT-KILL notification.
- iwlwifi: mvm: add debug print if scan config is ignored.
- iwlwifi: mvm: add extended dwell time.
- iwlwifi: mvm: add new ADD_STA command version.
- iwlwifi: mvm: Add P2P client snoozing.
- iwlwifi: mvm: add registration to cooling device.
- iwlwifi: mvm: add registration to thermal zone.
- iwlwifi: mvm: add support for negative temperatures.
- iwlwifi: mvm: add tlv for multi queue rx support.
- iwlwifi: mvm: add trigger for firmware dump upon TDLS events.
- iwlwifi: mvm: add trigger for firmware dump upon TX response status.
- iwlwifi: mvm: advertise NETIF_F_SG.
- iwlwifi: mvm: Align bt-coex priority with requirements.
- iwlwifi: mvm: allow to disable beacon filtering for AP/GO interface.
- iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning.
- iwlwifi: mvm: avoid panics with thermal device usage.
- iwlwifi: mvm: avoid to WARN about gscan capabilities.
- iwlwifi: mvm: bail out if CTDP start operation fails.
- iwlwifi: mvm: bump firmware API to 21.
- iwlwifi: mvm: bump max API to 20.
- iwlwifi: mvm: change access to ieee80211_hdr.
- iwlwifi: mvm: change iwl_mvm_get_key_sta_id() to return the station.
- iwlwifi: mvm: change mcc update API.
- iwlwifi: mvm: change name of iwl_mvm_d3_update_gtk.
- iwlwifi: mvm: Change number of associated stations when station becomes associated.
- iwlwifi: mvm: change protocol offload flows.
- iwlwifi: mvm: change the check for ADD_STA status.
- iwlwifi: mvm: check FW's response for nvm access write cmd.
- iwlwifi: mvm: check iwl_mvm_wowlan_config_key_params() return value.
- iwlwifi: mvm: check minimum temperature notification length.
- iwlwifi: mvm: cleanup roc te on restart cleanup.
- iwlwifi: mvm: Configure fragmented scan for scheduled scan.
- iwlwifi: mvm: configure scheduled scan according to traffic conditions.
- iwlwifi: mvm: constify the parameters of a few functions in fw-dbg.c.
- iwlwifi: mvm: Disable beacon storing in D3 when WOWLAN configured.
- iwlwifi: mvm: disable DQA support.
- iwlwifi: mvm: do not ask beacons when P2P GO vif and no assoc sta.
- iwlwifi: mvm: do not keep an mvm ref when the interface is down.
- iwlwifi: mvm: do not let NDPs mess the packet tracking.
- iwlwifi: mvm: do not restart HW if suspend fails with unified image.
- iwlwifi: mvm: Do not switch to D3 image on suspend.
- iwlwifi: mvm: do not try to offload AES-CMAC in AP/IBSS modes.
- iwlwifi: mvm: drop low_latency_agg_frame_cnt_limit.
- iwlwifi: mvm: dump more registers upon error.
- iwlwifi: mvm: dump the radio registers when the firmware crashes.
- iwlwifi: mvm: enable L3 filtering.
- iwlwifi: mvm: Enable MPLUT only on supported hw.
- iwlwifi: mvm: enable VHT MU-MIMO for supported hardware.
- iwlwifi: mvm: extend time event duration.
- iwlwifi: mvm: fix accessing Null pointer during fw dump collection.
- iwlwifi: mvm: fix d3_test with unified D0/D3 images.
- iwlwifi: mvm: fix debugfs signedness warning.
- iwlwifi: mvm: fix extended dwell time.
- iwlwifi: mvm: fix incorrect fallthrough in iwl_mvm_check_running_scans().
- iwlwifi: mvm: fix memory leaks in error paths upon fw error dump.
- iwlwifi: mvm: fix netdetect starting/stopping for unified images.
- iwlwifi: mvm: fix RSS key sizing.
- iwlwifi: mvm: fix unregistration of thermal in some error flows.
- iwlwifi: mvm: flush all used TX queues before suspending.
- iwlwifi: mvm: forbid U-APSD for P2P Client if the firmware does not support it.
- iwlwifi: mvm: handle pass all scan reporting.
- iwlwifi: mvm: ignore LMAC scan notifications when running UMAC scans.
- iwlwifi: mvm: infrastructure for frame-release message.
- iwlwifi: mvm: kill iwl_mvm_enable_agg_txq.
- iwlwifi: mvm: let the firmware choose the antenna for beacons.
- iwlwifi: mvm: make collecting fw debug data optional.
- iwlwifi: mvm: move fw-dbg code to separate file.
- iwlwifi: mvm: only release the trans ref if d0i3 is supported in fw.
- iwlwifi: mvm: prepare the code towards TSO implementation.
- iwlwifi: mvm: refactor d3 key update functions.
- iwlwifi: mvm: refactor the way fw_key_table is handled.
- iwlwifi: mvm: remove an extra tab.
- iwlwifi: mvm: Remove bf_vif from iwl_power_vifs.
- iwlwifi: mvm: Remove iwl_mvm_update_beacon_abort.
- iwlwifi: mvm: remove redundant d0i3 flag from the config struct.
- iwlwifi: mvm: remove shadowing variable.
- iwlwifi: mvm: remove stray nd_config element.
- iwlwifi: mvm: remove the vif parameter of iwl_mvm_configure_bcast_filter().
- iwlwifi: mvm: remove unnecessary check in iwl_mvm_is_d0i3_supported().
- iwlwifi: mvm: remove useless WARN_ON and rely on cfg80211's combination.
- iwlwifi: mvm: report wakeup for wowlan.
- iwlwifi: mvm: reset mvm->scan_type when firmware is started.
- iwlwifi: mvm: return the cooling state index instead of the budget.
- iwlwifi: mvm: ROC: cleanup time event info on FW failure.
- iwlwifi: mvm: ROC: Extend the ROC max delay duration & limit ROC duration.
- iwlwifi: mvm: rs: fix a potential out of bounds access.
- iwlwifi: mvm: rs: fix a theoretical access to uninitialized array elements.
- iwlwifi: mvm: rs: fix a warning message.
- iwlwifi: mvm: rs: fix TPC action decision algorithm.
- iwlwifi: mvm: rs: fix TPC statistics handling.
- iwlwifi: mvm: Send power command on BSS_CHANGED_BEACON_INFO if needed.
- iwlwifi: mvm: set default new STA as non-aggregated.
- iwlwifi: mvm: set the correct amsdu enum values.
- iwlwifi: mvm: set the correct descriptor size for tracing.
- iwlwifi: mvm: small update in the firmware API.
- iwlwifi: mvm: support A-MSDU in A-MPDU.
- iwlwifi: mvm: support beacon storing.
- iwlwifi: mvm: support description for user triggered fw dbg collection.
- iwlwifi: mvm: support rss queues configuration command.
- iwlwifi: mvm: Support setting continuous recording debug mode.
- iwlwifi: mvm: support setting minimum quota from debugfs.
- iwlwifi: mvm: support sw queue start/stop from mvm.
- iwlwifi: mvm: take care of padded packets.
- iwlwifi: mvm: take the transport ref back when leaving.
- iwlwifi: mvm: track low-latency sources separately.
- iwlwifi: mvm: update GSCAN capabilities.
- iwlwifi: mvm: update ucode status before stopping device.
- iwlwifi: mvm: use build-time assertion for fw trigger ID.
- iwlwifi: mvm: use firmware station lookup, combine code.
- iwlwifi: mvm: various trivial cleanups.
- iwlwifi: mvm: writing zero bytes to debugfs causes a crash.
- iwlwifi: nvm: fix loading default NVM file.
- iwlwifi: nvm: fix up phy section when reading it.
- iwlwifi: pcie: add 9000 series multi queue rx DMA support.
- iwlwifi: pcie: add infrastructure for multi-queue rx.
- iwlwifi: pcie: add initial RTPM support for PCI.
- iwlwifi: pcie: Add new configuration to enable MSIX.
- iwlwifi: pcie: add pm_prepare and pm_complete ops.
- iwlwifi: pcie: add RTPM support when wifi is enabled.
- iwlwifi: pcie: aggregate Flow Handler configuration writes.
- iwlwifi: pcie: allow the op_mode to block the tx queues.
- iwlwifi: pcie: allow to pretend to have Tx CSUM for debug.
- iwlwifi: pcie: avoid restocks inside rx loop if not emergency.
- iwlwifi: pcie: buffer packets to avoid overflowing Tx queues.
- iwlwifi: 
pcie: build an A-MSDU using TSO core.\n - iwlwifi: pcie: configure more RFH settings.\n - iwlwifi: pcie: detect and workaround invalid write ptr behavior.\n - iwlwifi: pcie: do not increment / decrement a bool.\n - iwlwifi: pcie: enable interrupts before releasing the NIC's CPU.\n - iwlwifi: pcie: enable multi-queue rx path.\n - iwlwifi: pcie: extend device reset delay.\n - iwlwifi: pcie: fine tune number of rxbs.\n - iwlwifi: pcie: fix a race in firmware loading flow.\n - iwlwifi: pcie: fix erroneous return value.\n - iwlwifi: pcie: fix global table size.\n - iwlwifi: pcie: fix identation in trans.c.\n - iwlwifi: pcie: fix RF-Kill vs. firmware load race.\n - iwlwifi: pcie: forbid RTPM on device removal.\n - iwlwifi: pcie: mark command queue lock with separate lockdep class.\n - iwlwifi: pcie: prevent skbs shadowing in iwl_trans_pcie_reclaim.\n - iwlwifi: pcie: refactor RXBs reclaiming code.\n - iwlwifi: pcie: remove ICT allocation message.\n - iwlwifi: pcie: remove pointer from debug message.\n - iwlwifi: pcie: re-organize code towards TSO.\n - iwlwifi: pcie: set RB chunk size back to 64.\n - iwlwifi: pcie: update iwl_mpdu_desc fields.\n - iwlwifi: print index in api/capa flags parsing message.\n - iwlwifi: refactor the code that reads the MAC address from the NVM.\n - iwlwifi: remove IWL_DL_LED.\n - iwlwifi: remove unused parameter from grab_nic_access.\n - iwlwifi: replace d0i3_mode and wowlan_d0i3 with more generic variables.\n - iwlwifi: set max firmware version of 7265 to 17.\n - iwlwifi: support ucode with d0 unified image - regular and usniffer.\n - iwlwifi: trans: make various conversion macros inlines.\n - iwlwifi: trans: support a callback for ASYNC commands.\n - iwlwifi: treat iwl_parse_nvm_data() MAC addr as little endian.\n - iwlwifi: tt: move ucode_loaded check under mutex.\n - iwlwifi: uninline iwl_trans_send_cmd.\n - iwlwifi: update host command messages to new format.\n - iwlwifi: Update PCI IDs for 8000 and 9000 series.\n - iwlwifi: update 
support for 3168 series firmware and NVM.\n - iwlwifi: various comments and code cleanups.\n - jump label: fix passing kbuild_cflags when checking for asm goto support\n (git-fixes).\n - kabi: Hide new include in arch/powerpc/kernel/process.c (fate#322421).\n - kabi: ignore fs_info parameter for tracepoints that didn't have it\n (bsc#1044912).\n - kABI: move and hide new cxgbi device owner field (bsc#1018885).\n - kABI: protect cgroup include in kernel/kthread (kabi).\n - kABI: protect struct fib_info (kabi).\n - kABI: protect struct mnt_namespace (kabi).\n - kABI: protect struct pglist_data (kabi).\n - kABI: protect struct snd_fw_async_midi_port (kabi).\n - kABI: protect struct xlog (bsc#1043598).\n - kABI: restore ttm_ref_object_add parameters (kabi).\n - kabi/severities: ignore kABi changes in iwlwifi stuff itself\n - kabi workaround for net: ipv6: Fix processing of RAs in presence of VRF\n (bsc#1042286).\n - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)\n - kprobes/x86: Fix kernel panic when certain exception-handling addresses\n are probed (4.4.68 stable queue).\n - kvm: better MWAIT emulation for guests (bsc#1031142).\n - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue).\n - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue).\n - kvm: svm: add support for RDTSCP (bsc#1033117).\n - l2tp: fix race in l2tp_recv_common() (bsc#1042286).\n - lan78xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable\n queue).\n - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125).\n - libceph: NULL deref on crush_decode() error path (bsc#1044015).\n - libcxgb: add library module for Chelsio drivers (bsc#1021424).\n - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581).\n - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in\n 
nbytes (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices\n (bsc#1003581).\n - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125).\n - livepatch: Allow architectures to specify an alternate ftrace location\n (FATE#322421).\n - locking/ww_mutex: Fix compilation of __WW_MUTEX_INITIALIZER\n (bsc#1031717).\n - loop: Add PF_LESS_THROTTLE to block/loop device thread (bsc#1027101).\n - lpfc: remove incorrect lockdep assertion (bsc#1040125).\n - md: allow creation of mdNNN arrays via md_mod/parameters/new_array\n (bsc#1032339).\n - md.c:didn't unlock the mddev before return EINVAL in array_size_store\n (bsc#1038143).\n - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087).\n - md: fix a null dereference (bsc#1040351).\n - md: handle read-only member devices better (bsc#1033281).\n - md: MD_CLOSING needs to be cleared after called md_set_readonly or\n do_md_stop (bsc#1038142).\n - md/raid1: avoid reusing a resync bio after error handling (Fate#311379).\n - md: support disabling of create-on-open semantics (bsc#1032339).\n - md: use a separate bio_set for synchronous IO (bsc#1040351).\n - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717).\n - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717).\n - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717).\n - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717).\n - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717).\n - media: cx23885: uninitialized variable in cx23885_av_work_handler()\n (bsc#1031717).\n - media: DaVinci-VPBE: Check return value of a setup_if_config() call 
in\n vpbe_set_output() (bsc#1031717).\n - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717).\n - media: dib0700: fix NULL-deref at probe (bsc#1031717).\n - media: dvb-usb: avoid link error with dib3000m{b,c| (bsc#1031717).\n - media: exynos4-is: fix a format string bug (bsc#1031717).\n - media: gspca: konica: add missing endpoint sanity check (bsc#1031717).\n - media: lirc_imon: do not leave imon_probe() with mutex held\n (bsc#1031717).\n - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717).\n - media: rc: allow rc modules to be loaded if rc-main is not a module\n (bsc#1031717).\n - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717).\n - media: sh-vou: clarify videobuf2 dependency (bsc#1031717).\n - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs()\n (bsc#1031717).\n - media: usbvision: fix NULL-deref at probe (bsc#1031717).\n - media: uvcvideo: Fix empty packet statistic (bsc#1031717).\n - media: vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1043231).\n - mem-hotplug: fix node spanned pages when we have a movable node\n (bnc#1034671).\n - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue).\n - mlx4: Fix memory leak after mlx4_en_update_priv() (bsc#966170 bsc#966172\n bsc#966191).\n - mmc: debugfs: correct wrong voltage value (bsc#1031717).\n - mmc: Downgrade error level (bsc#1042536).\n - mm,compaction: serialize waitqueue_active() checks (bsc#971975).\n - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717).\n - mmc: sdhci: restore behavior when setting VDD via external regulator\n (bsc#1031717).\n - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM --\n git fixes).\n - mm: fix new crash in unmapped_area_topdown() (bnc#1039348).\n - mm/hugetlb: check for reserved hugepages during memory offline\n (bnc#971975 VM -- git fixes).\n - mm/hugetlb: fix incorrect hugepages count during mem hotplug (bnc#971975\n VM -- git fixes).\n - module: 
fix memory leak on early load_module() failures (bsc#1043014).\n - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue).\n - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable\n queue).\n - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717).\n - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717).\n - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue).\n - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717).\n - mwifiex: Remove unused 'chan_num' variable (bsc#1031717).\n - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717).\n - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717).\n - net: bridge: start hello timer only if device is up (bnc#1012382).\n - netfilter: nf_conntrack_sip: extend request line validation\n (bsc#1042286).\n - netfilter: nf_ct_expect: remove the redundant slash when policy name is\n empty (bsc#1042286).\n - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags\n (bsc#1042286).\n - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to\n register (bsc#1042286).\n - netfilter: nfnetlink_queue: reject verdict request from different portid\n (bsc#1042286).\n - netfilter: restart search if moved to other chain (bsc#1042286).\n - netfilter: use fwmark_reflect in nf_send_reset (bsc#1042286).\n - net: fix compile error in skb_orphan_partial() (bnc#1012382).\n - net: ibmvnic: Remove unused net_stats member from struct ibmvnic_adapter\n (fate#322021, bsc#1031512).\n - net: icmp_route_lookup should use rt dev to determine L3 domain\n (bsc#1042286).\n - net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286).\n - net: ipv6: set route type for anycast routes (bsc#1042286).\n - net: l3mdev: Add master device lookup by index (bsc#1042286).\n - net: make netdev_for_each_lower_dev safe for device removal\n (bsc#1042286).\n - net/mlx5: Do not unlock fte while still using it (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5e: Fix 
timestamping capabilities reporting (bsc#966170\n bsc#1015342).\n - net/mlx5e: Modify TIRs hash only when it's needed (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5: Fix create autogroup prev initializer (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5: Prevent setting multicast macs for VFs (bsc#966170 bsc#966172\n bsc#966191).\n - net/mlx5: Release FTE lock in error flow (bsc#966170 bsc#966172\n bsc#966191).\n - net: vrf: Create FIB tables on link create (bsc#1042286).\n - net: vrf: Fix crash when IPv6 is disabled at boot time (bsc#1042286).\n - net: vrf: Fix dev refcnt leak due to IPv6 prefix route (bsc#1042286).\n - net: vrf: Fix dst reference counting (bsc#1042286).\n - net: vrf: protect changes to private data with rcu (bsc#1042286).\n - net: vrf: Switch dst dev to loopback on device delete (bsc#1042286).\n - netxen_nic: set rcode to the return status from the call to\n netxen_issue_cmd (bsc#966339 FATE#320150).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - nfs: Fix an LOCK/OPEN race when unlinking an open file (git-fixes).\n - nfs: Fix "Do not increment lock sequence ID after NFS4ERR_MOVED"\n (git-fixes).\n - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes).\n - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes).\n - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes).\n - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes).\n - nfsv4: do not let hanging mounts block other mounts (bsc#1040364).\n - nfsv4: fix a reference leak caused WARNING messages (git-fixes).\n - nfsv4: Fix the underestimation of delegation XDR space reservation\n (git-fixes).\n - nsfs: mark dentry with DCACHE_RCUACCESS (bsc#1012829).\n - nvme: Delete created IO queues on reset (bsc#1031717).\n - nvme: submit nvme_admin_activate_fw to admin queue (bsc#1044532).\n - 
ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock\n (bsc#1004003).\n - ocfs2: fix deadlock issue when taking inode lock at vfs entry points\n (bsc#1004003).\n - overlayfs: compat, fix incorrect dentry use in ovl_rename2 (bsc#1032400).\n - overlayfs: compat, use correct dentry to detect compat mode in\n ovl_compat_is_whiteout (bsc#1032400).\n - pci: pciehp: Prioritize data-link event over presence detect\n (bsc#1031040,bsc#1037483).\n - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057).\n - pci: Work around Intel Sunrise Point PCH incorrect ACS capability\n (bsc#1030057).\n - percpu: remove unused chunk_alloc parameter from pcpu_get_pages()\n (bnc#971975 VM -- git fixes).\n - perf/x86/intel/rapl: Make Knights Landings support functional\n (bsc#1042517).\n - perf/x86/intel/uncore: Remove SBOX support for Broadwell server\n (bsc#1035887).\n - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue).\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes\n (bnc#1012985).\n - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717).\n - platform/x86: fujitsu-laptop: use brightness_set_blocking for\n LED-setting callbacks (bsc#1031717).\n - pm / QoS: Fix memory leak on resume_latency.notifiers (bsc#1043231).\n - pm / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717).\n - pm / wakeirq: Fix spurious wake-up events for dedicated wakeirqs\n (bsc#1031717).\n - pm / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717).\n - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717).\n - powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764\n fate#315275, LTC#103998).\n - powerpc: Create a helper for getting the kernel toc value (FATE#322421).\n - powerpc/fadump: add reschedule point while releasing memory\n (bsc#1040609).\n - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669).\n - powerpc/fadump: avoid holes in boot memory area when fadump is\n registered 
(bsc#1037669).\n - powerpc/fadump: provide a helpful error message (bsc#1037669).\n - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM\n (bsc#1032141).\n - powerpc/fadump: return error when fadump registration fails\n (bsc#1040567).\n - powerpc/fadump: Update fadump documentation (bsc#1032141).\n - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel\n (FATE#322421).\n - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI\n (FATE#322421).\n - powerpc/ftrace: Pass the correct stack pointer for\n DYNAMIC_FTRACE_WITH_REGS (FATE#322421).\n - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace\n (FATE#322421).\n - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421).\n - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421).\n - powerpc/livepatch: Add livepatch header (FATE#322421).\n - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421).\n - powerpc/livepatch: Add livepatch stack to struct thread_info\n (FATE#322421).\n - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).\n - powerpc/module: Mark module stubs with a magic value (FATE#322421).\n - powerpc/module: Only try to generate the ftrace_caller() stub once\n (FATE#322421).\n - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount()\n call (FATE#322421).\n - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue).\n - power: supply: bq24190_charger: Call power_supply_changed() for relevant\n component (4.4.68 stable queue).\n - power: supply: bq24190_charger: Call set_mode_host() on pm_resume()\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Do not read fault register outside\n irq_handle_thread() (4.4.68 stable queue).\n - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Handle fault before status on interrupt\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Install 
irq_handler_thread() at end of\n probe() (4.4.68 stable queue).\n - printk: Correctly handle preemption in console_unlock() (bsc#1046434).\n - printk: Switch to the sync mode when an emergency message is printed\n (bsc#1034995).\n - printk/xen: Force printk sync mode when migrating Xen guest\n (bsc#1043347).\n - quota: fill in Q_XGETQSTAT inode information for inactive quotas\n (bsc#1042356).\n - radix-tree: fix radix_tree_iter_retry() for tagged iterators\n (bsc#1012829).\n - ravb: Fix use-after-free on `ifconfig eth0 down` (git-fixes).\n - rdma/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570).\n - rdma/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr()\n (bsc#1026570).\n - rdma/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570).\n - rdma/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570).\n - regulator: isl9305: fix array size (bsc#1031717).\n - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).\n - Revert "acpi, nfit, libnvdimm: fix interleave set cookie calculation\n (64-bit comparison)" (kabi).\n - Revert "btrfs: qgroup: Move half of the qgroup accounting time out of"\n (bsc#1017461 bsc#1033885).\n - Revert "KVM: nested VMX: disable perf cpuid reporting" (4.4.68 stable\n queue).\n - Revert "l2tp: take reference on sessions being dumped" (kabi).\n - Revert "mac80211: pass block ack session timeout to to driver" (kabi).\n - Revert "mac80211: RX BA support for sta max_rx_aggregation_subframes"\n (kabi).\n - Revert "wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event" (kabi).\n - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter\n (bsc#1012060)\n - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate\n (bsc#1035922)\n - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable\n queue).\n - rtnl: reset calcit fptr in rtnl_unregister() (bsc#1042286).\n - s390/dasd: check if query host access feature is supported (bsc#1037871).\n - sbp-target: Fix second 
argument of percpu_ida_alloc() (bsc#1032803).\n - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458).\n - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458).\n - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458).\n - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458).\n - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo()\n (bsc#1038458).\n - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458).\n - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458).\n - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458).\n - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458).\n - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458).\n - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458).\n - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458).\n - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458).\n - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458).\n - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458).\n - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458).\n - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458).\n - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458).\n - scsi: be2iscsi: Move functions to right files (bsc#1038458).\n - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458).\n - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458).\n - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset\n (bsc#1038458).\n - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458).\n - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458).\n - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458).\n - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458).\n - scsi: be2iscsi: Update copyright information (bsc#1038458).\n - scsi: be2iscsi: Update 
iface handle before any set param (bsc#1038458).\n - scsi: be2iscsi: Update the driver version (bsc#1038458).\n - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885).\n - scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature\n (bsc#1021424).\n - scsi: cxlflash: Remove the device cleanly in the system shutdown path\n (bsc#1028310, fate#321597, bsc#1034762). cherry-pick from SP3\n - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340).\n - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910).\n - scsi_error: count medium access timeout only once per EH run\n (bsc#993832, bsc#1032345).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (bsc#1034419).\n - scsi: ipr: Driver version 2.6.4 (bsc#1031555).\n - scsi: ipr: Error path locking fixes (bsc#1031555).\n - scsi: ipr: Fix abort path race condition (bsc#1031555).\n - scsi: ipr: Fix missed EH wakeup (bsc#1031555).\n - scsi: ipr: Fix SATA EH hang (bsc#1031555).\n - scsi: ipr: Remove redundant initialization (bsc#1031555).\n - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue).\n - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125).\n - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68\n stable queue).\n - scsi_transport_fc: do not call queue_work under lock (bsc#1013887).\n - scsi_transport_fc: fixup race condition in fc_rport_final_delete()\n (bsc#1013887).\n - scsi_transport_fc: return -EBUSY for deleted vport (bsc#1013887).\n - sctp: check af before verify address in sctp_addr_id2transport\n (git-fixes).\n - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable\n queue).\n - smartpqi: limit transfer length to 1MB (bsc#1025461).\n - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable\n queue).\n - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()\n (bsc#1031717).\n 
- staging: wlan-ng: add missing byte order conversion (4.4.68 stable\n queue).\n - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes).\n - sunrpc: ensure correct error is reported by xs_tcp_setup_socket()\n (git-fixes).\n - sunrpc: fix UDP memory accounting (git-fixes).\n - sunrpc: Silence WARN_ON when NFSv4.1 over RDMA is in use (git-fixes).\n - supported.conf: added drivers/net/ethernet/chelsio/libcxgb/libcxgb\n - supported.conf: Bugzilla and FATE references for dcdbas and dell_rbu\n - sysfs: be careful of error returns from ops->show() (bsc#1028883).\n - tcp: account for ts offset only if tsecr not zero (bsc#1042286).\n - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue).\n - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68\n stable queue).\n - tcp: fastopen: accept data/FIN present in SYNACK message (bsc#1042286).\n - tcp: fastopen: avoid negative sk_forward_alloc (bsc#1042286).\n - tcp: fastopen: call tcp_fin() if FIN present in SYNACK (bsc#1042286).\n - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data\n (bsc#1042286).\n - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue).\n - Temporarily disable iwlwifi-expose-default-fallback-ucode-api ... for\n updating iwlwifi stack\n - thp: fix MADV_DONTNEED vs. 
numa balancing race (bnc#1027974).\n - thp: reduce indentation level in change_huge_pmd() (bnc#1027974).\n - tpm: Downgrade error level (bsc#1042535).\n - tpm: fix checks for policy digest existence in tpm2_seal_trusted()\n (bsc#1034048, Pending fixes 2017-04-10).\n - tpm: fix RC value check in tpm2_seal_trusted (bsc#1034048, Pending fixes\n 2017-04-10).\n - tpm: fix: set continueSession attribute for the unseal operation\n (bsc#1034048, Pending fixes 2017-04-10).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).\n - tty: Destroy ldisc instance on hangup (bnc#1043488).\n - tty: Fix ldisc crash on reopened tty (bnc#1043488).\n - tty: Handle NULL tty->ldisc (bnc#1043488).\n - tty: Move tty_ldisc_kill() (bnc#1043488).\n - tty: Prepare for destroying line discipline on hangup (bnc#1043488).\n - tty: Refactor tty_ldisc_reinit() for reuse (bnc#1043488).\n - tty: Reset c_line from driver's init_termios (bnc#1043488).\n - tty: Simplify tty_set_ldisc() exit handling (bnc#1043488).\n - tty: Use 'disc' for line discipline index name (bnc#1043488).\n - udp: avoid ufo handling on IP payload compression packets (bsc#1042286).\n - udplite: call proper backlog handlers (bsc#1042286).\n - Update config files: add CONFIG_IWLWIFI_PCIE_RTPM=y (FATE#323335)\n - Update\n patches.fixes/x86-pci-mark-broadwell-ep-home-agent-1-as-having-non-complian\n t-bars (bsc#1039214). 
Fix the wrong bsc number.\n - Update patches.fixes/xen-silence-efi-error-messge.patch (bnc#1039900).\n - Update ppc64le config files to use KGRAFT.\n - usb: chipidea: Handle extcon events properly (4.4.68 stable queue).\n - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable\n queue).\n - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: musb: ux500: Fix NULL pointer dereference at system PM\n (bsc#1038033).\n - usb: serial: ark3116: fix open error handling (bnc#1038043).\n - usb: serial: ch341: add register and USB request definitions\n (bnc#1038043).\n - usb: serial: ch341: add support for parity, frame length, stop bits\n (bnc#1038043).\n - usb: serial: ch341: fix baud rate and line-control handling\n (bnc#1038043).\n - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043).\n - usb: serial: ch341: fix modem-status handling (bnc#1038043).\n - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043).\n - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68\n stable queue).\n - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043).\n - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043).\n - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable\n queue).\n - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable\n queue).\n - usb: serial: quatech2: fix control-message error handling (bnc#1038043).\n - usb: serial: sierra: fix bogus alternate-setting assumption\n (bnc#1038043).\n - usb: serial: ssu100: fix control-message error handling (bnc#1038043).\n - usb: serial: ti_usb_3410_5052: fix control-message 
error handling\n (4.4.68 stable queue).\n - Use make --output-sync feature when available (bsc#1012422). The messages\n in make output can interleave making it impossible to extract warnings\n reliably. Since version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing this issue.\n Detect the flag and use it if available.\n - Use up spare in struct module for livepatch (FATE#322421).\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).\n - vrf: remove slave queue and private slave struct (bsc#1042286).\n - vsock: Detach QP check should filter out non matching QPs (bsc#1036752).\n - x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512).\n - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable\n queue).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0\n (4.4.68 stable queue).\n - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs\n (bsc#9048891).\n - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68\n stable queue).\n - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024).\n - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024).\n - x86/platform/uv/BAU: Add status mmr location fields to bau_control\n (bsc#1035024).\n - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024).\n - x86/platform/uv/BAU: Add uv_bau_version enumerated constants\n (bsc#1035024).\n - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024).\n - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024).\n - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances\n (bsc#1035024).\n - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024).\n - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024).\n - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset()\n (bsc#1035024).\n - x86/platform/uv/BAU: Disable software timeout on UV4 hardware\n (bsc#1035024).\n - 
x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack\n register (bsc#1035024).\n - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware\n (bsc#1035024).\n - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status\n (bsc#1035024).\n - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version\n information (bsc#1035024).\n - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024).\n - x86/platform/uv: Fix calculation of Global Physical Address\n (bsc#1031147).\n - xen: add sysfs node for guest type (bnc#1037840).\n - xen: adjust early dom0 p2m handling to xen hypervisor behavior\n (bnc#1031470).\n - xen-blkback: do not leak stack data via response ring (bsc#1042863\n XSA-216).\n - xen/mce: do not issue error message for failed /dev/mcelog registration\n (bnc#1036638).\n - xfrm: Fix memory leak of aead algorithm name (bsc#1042286).\n - xfrm: Only add l3mdev oif to dst lookups (bsc#1042286).\n - xfs: add missing include dependencies to xfs_dir2.h (bsc#1042421).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1041160).\n - xfs: do not warn on buffers not being recovered due to LSN (bsc#1043598).\n - xfs: fix eofblocks race with file extending async dio writes\n (bsc#1040929).\n - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168).\n - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff()\n (bsc#1041168).\n - xfs: fix xfs_mode_to_ftype() prototype (bsc#1043598).\n - xfs: in _attrlist_by_handle, copy the cursor back to userspace\n (bsc#1041242).\n - xfs: log recovery tracepoints to track current lsn and buffer submission\n (bsc#1043598).\n - xfs: Make __xfs_xattr_put_listen preperly report errors (bsc#1041242).\n - xfs: only return -errno or success from attr ->put_listent (bsc#1041242).\n - xfs: pass current lsn to log recovery buffer validation (bsc#1043598).\n - xfs: refactor log record unpack and data processing (bsc#1043598).\n - xfs: replace xfs_mode_to_ftype 
table with switch statement (bsc#1042421).\n - xfs: rework log recovery to submit buffers on LSN boundaries\n (bsc#1043598).\n - xfs: rework the inline directory verifiers (bsc#1042421).\n - xfs: sanity check directory inode di_size (bsc#1042421).\n - xfs: sanity check inode di_mode (bsc#1042421).\n - xfs: Split default quota limits by quota type (bsc#1049421).\n - xfs: update metadata LSN in buffers during log recovery (bsc#1043598).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n - xfs: verify inline directory data forks (bsc#1042421).\n - zswap: do not param_set_charp while holding spinlock (VM Functionality,\n bsc#1042886).\n\n", "cvss3": {}, "published": "2017-07-13T15:09:41", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-1000380", "CVE-2017-7616", "CVE-2017-9074", "CVE-2017-7346", "CVE-2017-7618", "CVE-2017-9242", "CVE-2017-9075", "CVE-2017-8924", "CVE-2017-9150", "CVE-2017-8925", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-1000365", "CVE-2017-8890"], "modified": "2017-07-13T15:09:41", "id": "SUSE-SU-2017:1853-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00018.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T20:14:12", "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.70 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local 
users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the\n Linux kernel did not make the allow_ptr_leaks value available for\n restricting the output of the print_bpf_insn function, which allowed\n local users to obtain sensitive address information via crafted bpf\n system calls (bnc#1040279).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. 
(bsc#1034670)\n\n The following non-security bugs were fixed:\n\n - 9p: fix a potential acl leak (4.4.68 stable queue).\n - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal\n (bsc#1031717).\n - acpi / scan: Drop support for force_remove (bnc#1029607).\n - ahci: disable correct irq for dummy ports (bsc#1040125).\n - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68\n stable queue).\n - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2\n mode (4.4.68 stable queue).\n - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable\n queue).\n - asoc: rt5640: use msleep() for long delays (bsc#1031717).\n - asoc: sti: Fix error handling if of_clk_get() fails (bsc#1031717).\n - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in fixed PHB\n numbering (bsc#989311)\n - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue).\n - bna: avoid writing uninitialized data into hw registers (bsc#966321\n FATE#320156).\n - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412\n FATE#321671).\n - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable\n queue).\n - brcmfmac: Ensure pointer correctly set if skb data location changes\n (4.4.68 stable queue).\n - brcmfmac: Make skb header writable before use (4.4.68 stable queue).\n - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717).\n - btrfs: add a flags field to btrfs_fs_info (bsc#1012452).\n - btrfs: add ASSERT for block group's memory leak (bsc#1012452).\n - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452).\n - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452).\n - btrfs: add check to sysfs handler of label (bsc#1012452).\n - btrfs: add dynamic debug support (bsc#1012452).\n - btrfs: add error handling for extent buffer in print tree (bsc#1012452).\n - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452).\n - btrfs: add missing check for writeback errors on 
fsync (bsc#1012452).\n - btrfs: add more validation checks for superblock (bsc#1012452).\n - btrfs: Add ratelimit to btrfs printing (bsc#1012452).\n - btrfs: add read-only check to sysfs handler of features (bsc#1012452).\n - btrfs: add semaphore to synchronize direct IO writes with fsync\n (bsc#1012452).\n - btrfs: add tracepoint for adding block groups (bsc#1012452).\n - btrfs: add tracepoints for flush events (bsc#1012452).\n - btrfs: add validadtion checks for chunk loading (bsc#1012452).\n - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452).\n - btrfs: allow balancing to dup with multi-device (bsc#1012452).\n - btrfs: always reserve metadata for delalloc extents (bsc#1012452).\n - btrfs: always use trans->block_rsv for orphans (bsc#1012452).\n - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452).\n - btrfs: avoid deadlocks during reservations in btrfs_truncate_block\n (bsc#1012452).\n - btrfs: avoid overflowing f_bfree (bsc#1012452).\n - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452).\n - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing\n delalloc space (bsc#1012452).\n - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452).\n - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined\n (bsc#1012452).\n - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction\n (bsc#1012452).\n - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452).\n - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup()\n (bsc#1012452).\n - btrfs: change delayed reservation fallback behavior (bsc#1012452).\n - btrfs: change how we calculate the global block rsv (bsc#1012452).\n - btrfs: check btree node's nritems (bsc#1012452).\n - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452).\n - btrfs: check inconsistence between chunk and block group (bsc#1012452).\n - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452).\n - btrfs: clean 
the old superblocks before freeing the device (bsc#1012452).\n - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452).\n - btrfs: cleanup assigning next active device with a check (bsc#1012452).\n - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452).\n - btrfs: Cleanup compress_file_range() (bsc#1012452).\n - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452).\n - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452).\n - btrfs: clone: use vmalloc only as fallback for nodesize bufer\n (bsc#1012452).\n - btrfs: convert nodesize macros to static inlines (bsc#1012452).\n - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452).\n - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452).\n - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452).\n - btrfs: copy_to_sk drop unused root parameter (bsc#1012452).\n - btrfs: create a helper function to read the disk super (bsc#1012452).\n - btrfs: create example debugfs file only in debugging build (bsc#1012452).\n - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452).\n - btrfs: create helper function __check_raid_min_devices() (bsc#1012452).\n - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452).\n - btrfs: divide btrfs_update_reserved_bytes() into two functions\n (bsc#1012452).\n - btrfs: do not background blkdev_put() (bsc#1012452).\n - btrfs: do not bother kicking async if there's nothing to reclaim\n (bsc#1012452).\n - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452).\n - btrfs: do not create empty block group if we have allocated data\n (bsc#1012452).\n - btrfs: do not decrease bytes_may_use when replaying extents\n (bsc#1012452).\n - btrfs: do not do nocow check unless we have to (bsc#1012452).\n - btrfs: do not do unnecessary delalloc flushes when relocating\n (bsc#1012452).\n - btrfs: do not force mounts to wait for cleaner_kthread to delete one or\n more subvolumes (bsc#1012452).\n - btrfs: do not 
wait for unrelated IO to finish before relocation\n (bsc#1012452).\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors\n (bsc#1035866).\n - btrfs: end transaction if we abort when creating uuid root (bsc#1012452).\n - btrfs: enhance btrfs_find_device_by_user_input() to check device path\n (bsc#1012452).\n - btrfs: error out if generic_bin_search get invalid arguments\n (bsc#1012452).\n - btrfs: expand cow_file_range() to support in-band dedup and\n subpage-blocksize (bsc#1012452).\n - btrfs: extend btrfs_set_extent_delalloc and its friends to support\n in-band dedupe and subpage size patchset (bsc#1012452).\n - btrfs: fill relocation block rsv after allocation (bsc#1012452).\n - btrfs: fix an integer overflow check (bsc#1012452).\n - btrfs: fix a possible umount deadlock (bsc#1012452).\n - btrfs: fix btrfs_no_printk stub helper (bsc#1012452).\n - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452).\n - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452).\n - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452).\n - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452).\n - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452).\n - btrfs: fix check_shared for fiemap ioctl (bsc#1037177).\n - btrfs: fix crash when tracepoint arguments are freed by wq callbacks\n (bsc#1012452).\n - btrfs: fix data loss after truncate when using the no-holes feature\n (bsc#1036214).\n - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452).\n - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452).\n - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452).\n - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452).\n - btrfs: fix double free of fs root (bsc#1012452).\n - btrfs: fix eb memory leak due to readpage failure (bsc#1012452).\n - btrfs: fix em leak in find_first_block_group (bsc#1012452).\n - btrfs: fix emptiness check for dirtied extent buffers at check_leaf()\n 
(bsc#1012452).\n - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452).\n - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452).\n - btrfs: fix free space calculation in dump_space_info() (bsc#1012452).\n - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452).\n - btrfs: fix fspath error deallocation (bsc#1012452).\n - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452).\n - btrfs: Fix integer overflow when calculating bytes_per_bitmap\n (bsc#1012452).\n - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395).\n - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex\n and uuid_mutex (bsc#1012452).\n - btrfs: fix lock dep warning move scratch super outside of chunk_mutex\n (bsc#1012452).\n - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452).\n - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452).\n - btrfs: fix memory leak of block group cache (bsc#1012452).\n - btrfs: fix memory leak of reloc_root (bsc#1012452).\n - btrfs: fix mixed block count of available space (bsc#1012452).\n - btrfs: fix one bug that process may endlessly wait for ticket in\n wait_reserve_ticket() (bsc#1012452).\n - btrfs: fix panic in balance due to EIO (bsc#1012452).\n - btrfs: fix race between block group relocation and nocow writes\n (bsc#1012452).\n - btrfs: fix race between device replace and block group removal\n (bsc#1012452).\n - btrfs: fix race between device replace and chunk allocation\n (bsc#1012452).\n - btrfs: fix race between device replace and discard (bsc#1012452).\n - btrfs: fix race between device replace and read repair (bsc#1012452).\n - btrfs: fix race between fsync and direct IO writes for prealloc extents\n (bsc#1012452).\n - btrfs: fix race between readahead and device replace/removal\n (bsc#1012452).\n - btrfs: fix race setting block group back to RW mode during device\n replace (bsc#1012452).\n - btrfs: fix race setting block group readonly during device replace\n 
(bsc#1012452).\n - btrfs: fix read_node_slot to return errors (bsc#1012452).\n - btrfs: fix release reserved extents trace points (bsc#1012452).\n - btrfs: fix segmentation fault when doing dio read (bsc#1040425).\n - btrfs: Fix slab accounting flags (bsc#1012452).\n - btrfs: fix unexpected return value of fiemap (bsc#1012452).\n - btrfs: fix unprotected assignment of the left cursor for device replace\n (bsc#1012452).\n - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452).\n - btrfs: flush_space: treat return value of do_chunk_alloc properly\n (bsc#1012452).\n - btrfs: Force stripesize to the value of sectorsize (bsc#1012452).\n - btrfs: free sys_array eb as soon as possible (bsc#1012452).\n - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452).\n - btrfs: Handle uninitialised inode eviction (bsc#1012452).\n - btrfs: hide test-only member under ifdef (bsc#1012452).\n - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452).\n - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452).\n - btrfs: introduce device delete by devid (bsc#1012452).\n - btrfs: introduce raid-type to error-code table, for minimum device\n constraint (bsc#1012452).\n - btrfs: introduce ticketed enospc infrastructure (bsc#1012452).\n - btrfs: introduce tickets_id to determine whether asynchronous metadata\n reclaim work makes progress (bsc#1012452).\n - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452).\n - btrfs: kill BUG_ON in do_relocation (bsc#1012452).\n - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452).\n - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452).\n - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452).\n - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452).\n - btrfs: kill unused writepage_io_hook callback (bsc#1012452).\n - btrfs: make find_workspace always succeed (bsc#1012452).\n - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452).\n - btrfs: make 
mapping->writeback_index point to the last written page\n (bsc#1012452).\n - btrfs: make state preallocation more speculative in __set_extent_bit\n (bsc#1012452).\n - btrfs: make sure device is synced before return (bsc#1012452).\n - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452).\n - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device()\n (bsc#1012452).\n - btrfs: memset to avoid stale content in btree leaf (bsc#1012452).\n - btrfs: memset to avoid stale content in btree node block (bsc#1012452).\n - btrfs: move error handling code together in ctree.h (bsc#1012452).\n - btrfs: optimize check for stale device (bsc#1012452).\n - btrfs: parent_start initialization cleanup (bsc#1012452).\n - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452).\n - btrfs: pass number of devices to btrfs_check_raid_min_devices\n (bsc#1012452).\n - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452).\n - btrfs: preallocate compression workspaces (bsc#1012452).\n - btrfs: Ratelimit "no csum found" info message (bsc#1012452).\n - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452).\n - btrfs: Refactor btrfs_lock_cluster() to kill compiler warning\n (bsc#1012452).\n - btrfs: remove BUG() in raid56 (bsc#1012452).\n - btrfs: remove BUG_ON in start_transaction (bsc#1012452).\n - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452).\n - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452).\n - btrfs: remove save_error_info() (bsc#1012452).\n - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf\n (bsc#1012452).\n - btrfs: remove unused function btrfs_assert() (bsc#1012452).\n - btrfs: rename and document compression workspace members (bsc#1012452).\n - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452).\n - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452).\n - btrfs: rename __check_raid_min_devices (bsc#1012452).\n - btrfs: rename flags for vol 
args v2 (bsc#1012452).\n - btrfs: reorg btrfs_close_one_device() (bsc#1012452).\n - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452).\n - btrfs: reuse existing variable in scrub_stripe, reduce stack usage\n (bsc#1012452).\n - btrfs: s_bdev is not null after missing replace (bsc#1012452).\n - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block\n (bsc#1012452).\n - btrfs: send: silence an integer overflow warning (bsc#1012452).\n - btrfs: send: use temporary variable to store allocation size\n (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for clone_sources_tmp\n (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452).\n - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452).\n - btrfs: Simplify conditions about compress while mapping btrfs flags to\n inode flags (bsc#1012452).\n - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452).\n - btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452).\n - btrfs: sink gfp parameter to set_extent_new (bsc#1012452).\n - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452).\n - btrfs: skip commit transaction if we do not have enough pinned bytes\n (bsc#1037186).\n - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452).\n - btrfs: switch to common message helpers in open_ctree, adjust messages\n (bsc#1012452).\n - btrfs: sysfs: protect reading label by lock (bsc#1012452).\n - btrfs: trace pinned extents (bsc#1012452).\n - btrfs: track transid for delayed ref flushing (bsc#1012452).\n - 
btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, move struct\n btrfs_ioctl_defrag_range_args (bsc#1012452).\n - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452).\n - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines\n (bsc#1012452).\n - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452).\n - btrfs: unsplit printed strings (bsc#1012452).\n - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452).\n - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452).\n - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452).\n - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452).\n - btrfs: Use correct format specifier (bsc#1012452).\n - btrfs: use correct offset for reloc_inode in\n prealloc_file_extent_cluster() (bsc#1012452).\n - btrfs: use dynamic allocation for root item in create_subvol\n (bsc#1012452).\n - btrfs: use existing device constraints table btrfs_raid_array\n (bsc#1012452).\n - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes\n (bsc#1012452).\n - btrfs: use fs_info directly (bsc#1012452).\n - btrfs: use new error message helper in qgroup_account_snapshot\n (bsc#1012452).\n - btrfs: use root when checking need_async_flush (bsc#1012452).\n - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452).\n - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452).\n - btrfs: warn_on for unaccounted spaces (bsc#1012452).\n - ceph: check i_nlink while converting a file handle to dentry\n (bsc#1039864).\n - ceph: Check that the new inode size is within limits in ceph_fallocate()\n (bsc#1037969).\n - ceph: Correctly return NXIO errors from ceph_llseek 
(git-fixes).\n - ceph: fix file open flags on ppc64 (bsc#1022266).\n - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763).\n - cifs: backport prepath matching fix (bsc#799133).\n - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue).\n - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores\n (4.4.68 stable queue).\n - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717).\n - crypto: sha-mb - Fix load failure (bsc#1037384).\n - dell-laptop: Adds support for keyboard backlight timeout AC settings\n (bsc#1013561).\n - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500).\n - dmaengine: dw: fix typo in Kconfig (bsc#1031717).\n - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125).\n - dm-mpath: fix race window in do_end_io() (bsc#1011044).\n - dm round robin: do not use this_cpu_ptr() without having preemption\n disabled (bsc#1040125).\n - dm verity fec: fix block calculation (bsc#1040125).\n - dm verity fec: fix bufio leaks (bsc#1040125).\n - dm verity fec: limit error correction recursion (bsc#1040125).\n - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments\n (bsc#1031717).\n - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O\n (bsc#1031717).\n - drm/i915: Disable tv output on i9x5gm (bsc#1039700).\n - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error\n (bsc#1031717).\n - drm/i915: Fix mismatched INIT power domain disabling during suspend\n (bsc#1031717).\n - drm/i915: Nuke debug messages from the pipe update critical section\n (bsc#1031717).\n - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717).\n - drm/i915: relax uncritical udelay_range() (bsc#1031717).\n - drm/i915: relax uncritical udelay_range() settings (bsc#1031717).\n - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl\n (bsc#1040463).\n - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable\n queue).\n - 
e1000e: Do not return uninitialized stats (bug#1034635).\n - enic: set skb->hash type properly (bsc#922871 fate#318754).\n - f2fs: fix bad prefetchw of NULL page (bsc#1012829).\n - f2fs: sanity check segment count (4.4.68 stable queue).\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).\n - ftrace: Make ftrace_location_range() global (FATE#322421).\n - ibmvnic: Add set_link_state routine for setting adapter link state\n (fate#322021, bsc#1031512).\n - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021,\n bsc#1031512).\n - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021,\n bsc#1038297).\n - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512).\n - ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297).\n - ibmvnic: Continue skb processing after skb completion error\n (fate#322021, bsc#1038297).\n - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512).\n - ibmvnic: Create init and release routines for the bounce buffer\n (fate#322021, bsc#1031512).\n - ibmvnic: Create init and release routines for the rx pool (fate#322021,\n bsc#1031512).\n - ibmvnic: Create init and release routines for the tx pool (fate#322021,\n bsc#1031512).\n - ibmvnic: Create init/release routines for stats token (fate#322021,\n bsc#1031512).\n - ibmvnic: Delete napi's when releasing driver resources (fate#322021,\n bsc#1038297).\n - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512).\n - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021,\n bsc#1031512).\n - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021,\n bsc#1031512).\n - ibmvnic: fix missing unlock on error in __ibmvnic_reset() (fate#322021,\n bsc#1038297, Fixes: 
ed651a10875f).\n - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512).\n - ibmvnic: Free skb's in cases of failure in transmit (fate#322021,\n bsc#1031512).\n - ibmvnic: Insert header on VLAN tagged received frame (fate#322021,\n bsc#1031512).\n - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021,\n bsc#1031512).\n - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021,\n bsc#1031512).\n - ibmvnic: Move initialization of the stats token to ibmvnic_open\n (fate#322021, bsc#1031512).\n - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021,\n bsc#1038297).\n - ibmvnic: Move resource initialization to its own routine (fate#322021,\n bsc#1038297).\n - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512).\n - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297).\n - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512).\n - ibmvnic: Remove inflight list (fate#322021, bsc#1031512).\n - ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512).\n - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297).\n - ibmvnic: Report errors when failing to release sub-crqs (fate#322021,\n bsc#1031512).\n - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512).\n - ibmvnic: Split initialization of scrqs to its own routine (fate#322021,\n bsc#1031512).\n - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512).\n - ibmvnic: Updated reset handling (fate#322021, bsc#1038297).\n - ibmvnic: Update main crq initialization and release (fate#322021,\n bsc#1031512).\n - ibmvnic: Validate napi exist before disabling them (fate#322021,\n bsc#1031512).\n - ibmvnic: Wait for any pending scrqs entries at driver close\n (fate#322021, bsc#1038297).\n - ibmvnic: Whitespace correction in release_rx_pools (fate#322021,\n bsc#1038297).\n - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717).\n - iio: Workaround for kABI breakage by 4.4.67 iio 
hid-sensor changes\n (stable-4.4.67).\n - infiniband: avoid dereferencing uninitialized dst on error path\n (git-fixes).\n - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843).\n - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842).\n - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848).\n - iommu: Handle default domain attach failure (bsc#1038846).\n - iommu/vt-d: Do not over-free page table directories (bsc#1038847).\n - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header\n (4.4.68 stable queue).\n - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable\n queue).\n - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable\n queue).\n - isa: Call isa_bus_init before dependent ISA bus drivers register\n (bsc#1031717).\n - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570).\n - KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421).\n - kABI: move and hide new cxgbi device owner field (bsc#1018885).\n - kABI: protect cgroup include in kernel/kthread (kabi).\n - kABI: protect struct mnt_namespace (kabi).\n - kABI: protect struct snd_fw_async_midi_port (kabi).\n - kprobes/x86: Fix kernel panic when certain exception-handling addresses\n are probed (4.4.68 stable queue).\n - kvm: better MWAIT emulation for guests (bsc#1031142).\n - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue).\n - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue).\n - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable\n queue).\n - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125).\n - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581).\n - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in\n nbytes (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581).\n 
- lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes\n (bsc#1003581).\n - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices\n (bsc#1003581).\n - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125).\n - livepatch: Allow architectures to specify an alternate ftrace location\n (FATE#322421).\n - locking/ww_mutex: Fix compilation of __WW_MUTEX_INITIALIZER\n (bsc#1031717).\n - lpfc: remove incorrect lockdep assertion (bsc#1040125).\n - md.c:didn't unlock the mddev before return EINVAL in array_size_store\n (bsc#1038143).\n - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087).\n - md: MD_CLOSING needs to be cleared after called md_set_readonly or\n do_md_stop (bsc#1038142).\n - md/raid1: avoid reusing a resync bio after error handling (Fate#311379).\n - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717).\n - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717).\n - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717).\n - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717).\n - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717).\n - media: cx23885: uninitialized variable in cx23885_av_work_handler()\n (bsc#1031717).\n - media: DaVinci-VPBE: Check return value of a setup_if_config() call in\n vpbe_set_output() (bsc#1031717).\n - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717).\n - media: dib0700: fix NULL-deref at probe (bsc#1031717).\n - media: dvb-usb: avoid link error with dib3000m{b,c| (bsc#1031717).\n - media: exynos4-is: fix a format string bug (bsc#1031717).\n - media: gspca: konica: add missing endpoint sanity check (bsc#1031717).\n - media: lirc_imon: do not leave imon_probe() with mutex held\n (bsc#1031717).\n - media: pvrusb2: reduce stack usage 
pvr2_eeprom_analyze() (bsc#1031717).\n - media: rc: allow rc modules to be loaded if rc-main is not a module\n (bsc#1031717).\n - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717).\n - media: sh-vou: clarify videobuf2 dependency (bsc#1031717).\n - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs()\n (bsc#1031717).\n - media: usbvision: fix NULL-deref at probe (bsc#1031717).\n - media: uvcvideo: Fix empty packet statistic (bsc#1031717).\n - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue).\n - mmc: debugfs: correct wrong voltage value (bsc#1031717).\n - mm,compaction: serialize waitqueue_active() checks (bsc#971975).\n - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717).\n - mmc: sdhci: restore behavior when setting VDD via external regulator\n (bsc#1031717).\n - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM --\n git fixes).\n - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue).\n - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable\n queue).\n - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717).\n - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717).\n - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue).\n - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717).\n - mwifiex: Remove unused 'chan_num' variable (bsc#1031717).\n - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717).\n - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes).\n - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes).\n - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes).\n - nfsv4.1: Fix Oopsable condition 
in server callback races (git-fixes).\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock\n (bsc#1004003).\n - ocfs2: fix deadlock issue when taking inode lock at vfs entry points\n (bsc#1004003).\n - pci: pciehp: Prioritize data-link event over presence detect\n (bsc#1031040,bsc#1037483).\n - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057).\n - pci: Work around Intel Sunrise Point PCH incorrect ACS capability\n (bsc#1030057).\n - perf/x86/intel/uncore: Remove SBOX support for Broadwell server\n (bsc#1035887).\n - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue).\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes\n (bnc#1012985).\n - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717).\n - platform/x86: fujitsu-laptop: use brightness_set_blocking for\n LED-setting callbacks (bsc#1031717).\n - PM / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717).\n - PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs\n (bsc#1031717).\n - PM / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717).\n - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717).\n - powerpc: Create a helper for getting the kernel toc value (FATE#322421).\n - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel\n (FATE#322421).\n - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI\n (FATE#322421).\n - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace\n (FATE#322421).\n - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421).\n - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421).\n - powerpc/livepatch: Add livepatch header (FATE#322421).\n - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421).\n - powerpc/livepatch: Add livepatch stack to struct thread_info\n (FATE#322421).\n - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).\n - powerpc/module: Mark module stubs with a magic value 
(FATE#322421).\n - powerpc/module: Only try to generate the ftrace_caller() stub once\n (FATE#322421).\n - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount()\n call (FATE#322421).\n - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue).\n - power: supply: bq24190_charger: Call power_supply_changed() for relevant\n component (4.4.68 stable queue).\n - power: supply: bq24190_charger: Call set_mode_host() on pm_resume()\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Do not read fault register outside\n irq_handle_thread() (4.4.68 stable queue).\n - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Handle fault before status on interrupt\n (4.4.68 stable queue).\n - power: supply: bq24190_charger: Install irq_handler_thread() at end of\n probe() (4.4.68 stable queue).\n - ppc64le: Update ppc64le config files to use KGRAFT.\n - printk: Switch to the sync mode when an emergency message is printed\n (bsc#1034995).\n - RDMA/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570).\n - RDMA/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570).\n - RDMA/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570).\n - regulator: isl9305: fix array size (bsc#1031717).\n - Revert "acpi, nfit, libnvdimm: fix interleave set cookie calculation\n (64-bit comparison)" (kabi).\n - Revert "KVM: nested VMX: disable perf cpuid reporting" (4.4.68 stable\n queue).\n - Revert "l2tp: take reference on sessions being dumped" (kabi).\n - Revert "mac80211: pass block ack session timeout to to driver" (kabi).\n - Revert "mac80211: RX BA support for sta max_rx_aggregation_subframes"\n (kabi).\n - Revert "wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event" (kabi).\n - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate\n (bsc#1035922)\n - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable\n queue).\n - s390/dasd: 
check if query host access feature is supported (bsc#1037871).\n - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458).\n - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458).\n - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458).\n - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458).\n - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo()\n (bsc#1038458).\n - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458).\n - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458).\n - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458).\n - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458).\n - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458).\n - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458).\n - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458).\n - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458).\n - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458).\n - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458).\n - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458).\n - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458).\n - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458).\n - scsi: be2iscsi: Move functions to right files (bsc#1038458).\n - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458).\n - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458).\n - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset\n (bsc#1038458).\n - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458).\n - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458).\n - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458).\n - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458).\n - scsi: be2iscsi: Update copyright information (bsc#1038458).\n - scsi: 
be2iscsi: Update iface handle before any set param (bsc#1038458).\n - scsi: be2iscsi: Update the driver version (bsc#1038458).\n - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885).\n - scsi: cxlflash: Remove the device cleanly in the system shutdown path\n (bsc#1028310, fate#321597, bsc#1034762). cherry-pick from SP3\n - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340).\n - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue).\n - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125).\n - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68\n stable queue).\n - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable\n queue).\n - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable\n queue).\n - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()\n (bsc#1031717).\n - staging: wlan-ng: add missing byte order conversion (4.4.68 stable\n queue).\n - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes).\n - sunrpc: fix UDP memory accounting (git-fixes).\n - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue).\n - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68\n stable queue).\n - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).\n - usb: chipidea: Handle extcon events properly (4.4.68 stable queue).\n - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable\n queue).\n - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy()\n error paths (4.4.68 stable queue).\n - usb: musb: ux500: Fix NULL pointer dereference at system 
PM\n (bsc#1038033).\n - usb: serial: ark3116: fix open error handling (bnc#1038043).\n - usb: serial: ch341: add register and USB request definitions\n (bnc#1038043).\n - usb: serial: ch341: add support for parity, frame length, stop bits\n (bnc#1038043).\n - usb: serial: ch341: fix baud rate and line-control handling\n (bnc#1038043).\n - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043).\n - usb: serial: ch341: fix modem-status handling (bnc#1038043).\n - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043).\n - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68\n stable queue).\n - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043).\n - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable\n queue).\n - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043).\n - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable\n queue).\n - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable\n queue).\n - usb: serial: quatech2: fix control-message error handling (bnc#1038043).\n - usb: serial: sierra: fix bogus alternate-setting assumption\n (bnc#1038043).\n - usb: serial: ssu100: fix control-message error handling (bnc#1038043).\n - usb: serial: ti_usb_3410_5052: fix control-message error handling\n (4.4.68 stable queue).\n - Use make --output-sync feature when available (bsc#1012422). The mesages\n in make output can interleave making it impossible to extract warnings\n reliably. 
Since version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing this issue.\n Detect the flag and use it if available.\n - Use up spare in struct module for livepatch (FATE#322421).\n - vsock: Detach QP check should filter out non matching QPs (bsc#1036752).\n - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable\n queue).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0\n (4.4.68 stable queue).\n - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68\n stable queue).\n - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024).\n - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024).\n - x86/platform/uv/BAU: Add status mmr location fields to bau_control\n (bsc#1035024).\n - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024).\n - x86/platform/uv/BAU: Add uv_bau_version enumerated constants\n (bsc#1035024).\n - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024).\n - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024).\n - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances\n (bsc#1035024).\n - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024).\n - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024).\n - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset()\n (bsc#1035024).\n - x86/platform/uv/BAU: Disable software timeout on UV4 hardware\n (bsc#1035024).\n - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack\n register (bsc#1035024).\n - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware\n (bsc#1035024).\n - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status\n (bsc#1035024).\n - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version\n information (bsc#1035024).\n - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024).\n - xen: adjust early dom0 p2m handling to xen 
hypervisor behavior\n (bnc#1031470).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1041160).\n - xfs: fix eofblocks race with file extending async dio writes\n (bsc#1040929).\n - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168).\n - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff()\n (bsc#1041168).\n - xfs: in _attrlist_by_handle, copy the cursor back to userspace\n (bsc#1041242).\n - xfs: only return -errno or success from attr ->put_listent (bsc#1041242).\n - xfs: Split default quota limits by quota type (bsc#1040941).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n\n", "cvss3": {}, "published": "2017-06-08T18:13:15", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-9074", "CVE-2017-7645", "CVE-2017-9075", "CVE-2017-9150", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-8890"], "modified": "2017-06-08T18:13:15", "id": "OPENSUSE-SU-2017:1513-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-06/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:21", "description": "This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have 
unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-08T15:09:00", "type": "suse", "title": "Security update for Linux Kernel Live Patch 17 for SLE 12 SP1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-9242", "CVE-2017-7533", "CVE-2017-8890"], "modified": "2017-08-08T15:09:00", "id": "SUSE-SU-2017:2089-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:21", "description": "This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-08T15:09:41", "type": "suse", "title": "Security update for Linux Kernel Live Patch 16 for SLE 12 SP1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-9242", "CVE-2017-7533", "CVE-2017-8890"], "modified": "2017-08-08T15:09:41", "id": "SUSE-SU-2017:2090-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00023.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:20", "description": "This 
update for the Linux Kernel 3.12.74-60_64_40 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n The following non-security bug was fixed:\n\n - A SUSE Linux Enterprise specific regression in tearing down network\n namespaces was fixed (bsc#1044878)\n\n", "cvss3": {}, "published": "2017-08-08T15:13:09", "type": "suse", "title": "Security update for Linux Kernel Live Patch 15 for SLE 12 SP1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-9242", "CVE-2017-7533", "CVE-2017-8890"], "modified": "2017-08-08T15:13:09", "id": "SUSE-SU-2017:2094-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00024.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T22:32:06", "description": "The SUSE Linux Enterprise 12 SP1 LTS kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n 
(bnc#1064388).\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not\n consider the case of a NULL payload in conjunction with a nonzero length\n value, which allowed local users to cause a denial of service (NULL\n pointer dereference and OOPS) via a crafted add_key or keyctl system\n call, a different vulnerability than CVE-2017-12192 (bnc#1045327).\n - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed\n local users to have unspecified impact via vectors related to\n /dev/snd/seq (bnc#1062520).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. (bnc#1039354).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel This function did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the\n Linux kernel allowed local users to cause a denial of service\n (__tcp_select_window divide-by-zero error and system crash) by\n triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux\n kernel doesn't check the effective uid of the target process, enabling a\n local attacker to learn the memory layout of a setuid executable despite\n ASLR (bnc#1057179).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel\n allowed local users to gain privileges or cause a denial of service\n (list corruption or use-after-free) via simultaneous file-descriptor\n operations that leverage improper might_cancel queueing (bnc#1053152).\n - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled\n buffer is copied into a local buffer of constant size using strcpy\n without a length check which can cause a buffer overflow. 
(bnc#1053148).\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).\n - CVE-2017-7482: A potential memory corruption was fixed in decoding of\n krb5 principals in the kernels kerberos handling. (bnc#1046107).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bnc#1048275).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug\n exception(#DB) error. 
It could occur while emulating a syscall\n instruction and potentially lead to guest privilege escalation.\n (bsc#1045922).\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1037182\n bsc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1037183\n bsc#1038981).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents might have been disclosed when a read and\n an ioctl happen at the same time (bnc#1044125).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a\n missing bounds check, and the fact that parport_ptr integer is static, a\n 'secure boot' kernel command line adversary (could happen due to\n bootloader vulns, e.g. 
Google Nexus 6's CVE-2016-10277, where due to a\n vulnerability the adversary has partial control over the command line)\n could overflow the parport_nr array in the following code, by appending\n many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly 
have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-7889: The mm subsystem in the Linux kernel did not properly\n enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed\n local users to read or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access restrictions) via an\n application that opens the /dev/mem file, related to arch/x86/mm/init.c\n and drivers/char/mem.c (bnc#1034405).\n\n The following new features were implemented:\n - the r8152 network driver was updated to support Realtek RTL8152/RTL8153\n Based USB Ethernet Adapters (fate#321482)\n\n The following non-security bugs were fixed:\n\n - blkback/blktap: do not leak stack data via response ring (bsc#1042863\n XSA-216).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: Check qgroup level in kernel qgroup assign (bsc#1001459).\n - btrfs: qgroup: allow to remove qgroup which has parent but no child\n (bsc#1001459).\n - btrfs: quota: Automatically update related qgroups or mark INCONSISTENT\n flags when assigning/deleting a qgroup relations (bsc#1001459).\n - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).\n - ceph: fix file open flags on ppc64 (git-fixes).\n - ceph: check i_nlink while converting a file handle to dentry\n (bsc#1039864).\n - drivers/net: delete non-required instances of include\n <linux/init.h> (bsc#993099).\n - drivers/net/usb: add device id for NVIDIA Tegra USB 3.0 Ethernet\n (bsc#993099).\n - drivers/net/usb: Add support for 'Lenovo OneLink Pro Dock' (bsc#993099).\n - enic: set skb->hash type properly (bsc#922871).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - firmware: dmi_scan: Fix ordering of product_uuid (bsc#1030531).\n - fm10k: correctly check if interface is removed 
(bsc#922855).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).\n - hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (bsc#1023287,\n bsc#1028217, bsc#1048788).\n - jhash: Update jhash_[321]words functions to use correct initval\n (git-fixes).\n - kABI: mask an include (bsc#994364).\n - md: ensure md devices are freed before module is unloaded (git-fixes).\n - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).\n - md/raid0: update queue parameter in a safer location (git-fixes).\n - md/raid1: do not clear bitmap bit when bad-block-list write fails\n (git-fixes).\n - md/raid10: do not clear bitmap bit when bad-block-list write fails\n (git-fixes).\n - md/raid10: ensure device failure recorded before write request returns\n (git-fixes).\n - mlock: fix mlock count can not decrease in race condition (VM\n Functionality, bsc#1042696).\n - mlx: Revert the mlx5e_tx_notify_hw() changes.(bsc#1033960)\n - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM\n Functionality, bsc#1042832).\n - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM\n Functionality, bsc#1042832).\n - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1039348).\n - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).\n - net: get rid of SET_ETHTOOL_OPS (bsc#993099).\n - net/usb/r8152: add device id for Lenovo TP USB 3.0 Ethernet (bsc#993099).\n - netvsc: get rid of completion timeouts (bsc#1048788).\n - nfs v4.1: Fix Oopsable condition in server callback races (git-fixes).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes\n (bnc#1012985).\n - powerpc: Add missing error check to prom_find_boot_cpu() (bnc#856774).\n - powerpc/book3s: Fix MCE console 
messages for unrecoverable MCE\n (bnc#878240).\n - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1041429,\n [2017-05-29] Pending SUSE Kernel Fixes).\n - powerpc: Fix bad inline asm constraint in create_zero_mask()\n (bnc#856774).\n - powerpc/64: Fix flush_(d|i)cache_range() called from modules\n (bnc#863764).\n - printk: prevent userland from spoofing kernel messages (bsc#1039721).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - rtl8152: correct speed testing (bsc#993099).\n - r8152: add functions to set EEE (bsc#993099).\n - r8152: add MODULE_VERSION (bsc#993099).\n - r8152: add mutex for hw settings (bsc#993099).\n - r8152: add pre_reset and post_reset (bsc#993099).\n - r8152: add reset_resume function (bsc#993099).\n - r8152: add rtl_ops (bsc#993099).\n - r8152: add skb_cow_head (bsc#993099).\n - r8152: add three functions (bsc#993099).\n - r8152: adjust ALDPS function (bsc#993099).\n - r8152: adjust lpm timer (bsc#993099).\n - r8152: adjust rtl_start_rx (bsc#993099).\n - r8152: adjust rx_bottom (bsc#993099).\n - r8152: adjust r8152_submit_rx (bsc#993099).\n - r8152: adjust the line feed for hw_features (bsc#993099).\n - r8152: adjust usb_autopm_xxx (bsc#993099).\n - r8152: autoresume before setting feature (bsc#993099).\n - r8152: autoresume before setting MAC address (bsc#993099).\n - r8152: calculate the dropped packets for rx (bsc#993099).\n - r8152: call rtl_start_rx after netif_carrier_on (bsc#993099).\n - r8152: clear BMCR_PDOWN (bsc#993099).\n - r8152: clear LINK_OFF_WAKE_EN after autoresume (bsc#993099).\n - r8152: clear SELECTIVE_SUSPEND when autoresuming (bsc#993099).\n - r8152: clear the flag of SCHEDULE_TASKLET in tasklet (bsc#993099).\n - r8152: combine PHY reset with set_speed (bsc#993099).\n - r8152: constify ethtool_ops structures (bsc#993099).\n - r8152: correct some messages (bsc#993099).\n - r8152: correct the rx early size (bsc#993099).\n - r8152: deal with the empty line and space (bsc#993099).\n - r8152: 
disable ALDPS and EEE before setting PHY (bsc#993099).\n - r8152: disable ALDPS (bsc#993099).\n - r8152: disable MAC clock speed down (bsc#993099).\n - r8152: disable power cut for RTL8153 (bsc#993099).\n - r8152: disable teredo for RTL8152 (bsc#993099).\n - r8152: disable the capability of zero length (bsc#993099).\n - r8152: disable the ECM mode (bsc#993099).\n - r8152: disable the tasklet by default (bsc#993099).\n - r8152: do not enable napi before rx ready (bsc#993099).\n - r8152: ecm and vendor modes coexist (bsc#993099).\n - r8152: fix incorrect type in assignment (bsc#993099).\n - r8152: fix lockup when runtime PM is enabled (bsc#993099).\n - r8152: fix runtime function for RTL8152 (bsc#993099).\n - r8152: fix r8152_csum_workaround function (bsc#993099).\n - r8152: fix setting RTL8152_UNPLUG (bsc#993099).\n - r8152: fix the carrier off when autoresuming (bsc#993099).\n - r8152: fix the checking of the usb speed (bsc#993099).\n - r8152: fix the issue about U1/U2 (bsc#993099).\n - r8152: fix the runtime suspend issues (bsc#993099).\n - r8152: fix the submission of the interrupt transfer (bsc#993099).\n - r8152: fix the wake event (bsc#993099).\n - r8152: fix the warnings and a error from checkpatch.pl (bsc#993099).\n - r8152: fix the wrong return value (bsc#993099).\n - r8152: fix tx/rx memory overflow (bsc#993099).\n - r8152: fix wakeup settings (bsc#993099).\n - r8152: change rx early size when the mtu is changed (bsc#993099).\n - r8152: change some definitions (bsc#993099).\n - r8152: change the descriptor (bsc#993099).\n - r8152: change the EEE definition (bsc#993099).\n - r8152: change the location of rtl8152_set_mac_address (bsc#993099).\n - r8152: check code with checkpatch.pl (bsc#993099).\n - r8152: check linking status with netif_carrier_ok (bsc#993099).\n - r8152: check RTL8152_UNPLUG and netif_running before autoresume\n (bsc#993099).\n - r8152: check RTL8152_UNPLUG (bsc#993099).\n - r8152: check RTL8152_UNPLUG for rtl8152_close (bsc#993099).\n - 
r8152: check the status before submitting rx (bsc#993099).\n - r8152: check tx agg list before spin lock (bsc#993099).\n - r8152: check WORK_ENABLE in suspend function (bsc#993099).\n - r8152: increase the tx timeout (bsc#993099).\n - r8152: load the default MAC address (bsc#993099).\n - r8152: modify rtl_ops_init (bsc#993099).\n - r8152: modify the check of the flag of PHY_RESET in set_speed function\n (bsc#993099).\n - r8152: modify the method of accessing PHY (bsc#993099).\n - r8152: modify the tx flow (bsc#993099).\n - r8152: move enabling PHY (bsc#993099).\n - r8152: move PHY settings to hw_phy_cfg (bsc#993099).\n - r8152: move rtl8152_unload and ocp_reg_write (bsc#993099).\n - r8152: move r8152b_get_version (bsc#993099).\n - r8152: move some functions (bsc#993099).\n - r8152: move some functions (bsc#993099).\n - r8152: move some functions from probe to open (bsc#993099).\n - r8152: move the actions of saving the information of the device\n (bsc#993099).\n - r8152: move the setting for the default speed (bsc#993099).\n - r8152: move the settings of PHY to a work queue (bsc#993099).\n - r8152: nway reset after setting eee (bsc#993099).\n - r8152: redefine REALTEK_USB_DEVICE (bsc#993099).\n - r8152: reduce the frequency of spin_lock (bsc#993099).\n - r8152: reduce the number of Tx (bsc#993099).\n - r8152: remove a netif_carrier_off in rtl8152_open function (bsc#993099).\n - r8152: remove cancel_delayed_work_sync in rtl8152_set_speed (bsc#993099).\n - r8152: remove clearing bp (bsc#993099).\n - r8152: remove generic_ocp_read before writing (bsc#993099).\n - r8152: remove rtl_phy_reset function (bsc#993099).\n - r8152: remove rtl8152_get_stats (bsc#993099).\n - r8152: remove r8153_enable_eee (bsc#993099).\n - r8152: remove sram_read (bsc#993099).\n - r8152: remove the definitions of the PID (bsc#993099).\n - r8152: remove the duplicate init for the list of rx_done (bsc#993099).\n - r8152: remove the setting of LAN_WAKE_EN (bsc#993099).\n - r8152: rename rx_buf_sz 
(bsc#993099).\n - r8152: rename tx_underun (bsc#993099).\n - r8152: replace get_protocol with vlan_get_protocol (bsc#993099).\n - r8152: replace netdev_alloc_skb_ip_align with napi_alloc_skb\n (bsc#993099).\n - r8152: replace netif_rx with netif_receive_skb (bsc#993099).\n - r8152: replace some tabs with spaces (bsc#993099).\n - r8152: replace some types from int to bool (bsc#993099).\n - r8152: replace spin_lock_irqsave and spin_unlock_irqrestore (bsc#993099).\n - r8152: replace strncpy with strlcpy (bsc#993099).\n - r8152: replace tasklet with NAPI (bsc#993099).\n - r8152: replace the return value of rtl_ops_init (bsc#993099).\n - r8152: replace tp->netdev with netdev (bsc#993099).\n - r8152: reset device when tx timeout (bsc#993099).\n - r8152: reset the bmu (bsc#993099).\n - r8152: reset tp->speed before autoresuming in open function\n (bsc#993099).\n - r8152: restore hw settings (bsc#993099).\n - r8152: return -EBUSY for runtime suspend (bsc#993099).\n - r8152: save the speed (bsc#993099).\n - r8152: separate USB_RX_EARLY_AGG (bsc#993099).\n - r8152: set disable_hub_initiated_lpm (bsc#993099).\n - r8152: set RTL8152_UNPLUG when finding -ENODEV (bsc#993099).\n - r8152: split DRIVER_VERSION (bsc#993099).\n - r8152: split rtl8152_enable (bsc#993099).\n - r8152: stop submitting intr for -EPROTO (bsc#993099).\n - r8152: support dumping the hw counters (bsc#993099).\n - r8152: support ethtool eee (bsc#993099).\n - r8152: support get_msglevel and set_msglevel (bsc#993099).\n - r8152: support IPv6 (bsc#993099).\n - r8152: support jumbo frame for RTL8153 (bsc#993099).\n - r8152: support nway_reset of ethtool (bsc#993099).\n - r8152: support RTL8153 (bsc#993099).\n - r8152: support runtime suspend (bsc#993099).\n - r8152: support rx checksum (bsc#993099).\n - r8152: support setting rx coalesce (bsc#993099).\n - r8152: support stopping/waking tx queue (bsc#993099).\n - r8152: support the new RTL8153 chip (bsc#993099).\n - r8152: support TSO (bsc#993099).\n - r8152: 
support VLAN (bsc#993099).\n - r8152: support WOL (bsc#993099).\n - r8152: up the priority of the transmission (bsc#993099).\n - r8152: use BIT macro (bsc#993099).\n - r8152: use eth_hw_addr_random (bsc#993099).\n - r8152: Use kmemdup instead of kmalloc + memcpy (bsc#993099).\n - r8152: use test_and_clear_bit (bsc#993099).\n - r8152: use usleep_range (bsc#993099).\n - r8152: wake up the device before dumping the hw counter (bsc#993099).\n - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317).\n - sched/fair: Fix min_vruntime tracking (bnc#1012985).\n - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded\n systems (bnc#1012985).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1012985).\n - sunrpc: Update RPCBIND_MAXNETIDLEN (git-fixes).\n - syscall: fix dereferencing NULL payload with nonzero length\n (bsc#1045327, bsc#1062471).\n - tcp: do not inherit fastopen_req from parent (bsc#1038544).\n - timekeeping: Ignore the bogus sleep time if pm_trace is enabled\n (bsc#994364).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).\n - usb: wusbcore: fix NULL-deref at probe (bsc#1045487).\n - xen: Linux 3.12.74.\n - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).\n - xfs: fix a couple error sequence jumps in xfs_mountfs() (bsc#1035531).\n - xfs: fix coccinelle warnings (bsc#1035531).\n - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present\n (bsc#1058524).\n\n", "cvss3": {}, "published": "2017-10-30T19:23:22", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-10277", "CVE-2017-11176", "CVE-2017-14051", "CVE-2017-1000380", "CVE-2017-13080", "CVE-2017-15274", "CVE-2017-12762", "CVE-2017-15265", "CVE-2017-7889", "CVE-2017-9074", 
"CVE-2017-7518", "CVE-2017-15649", "CVE-2017-9242", "CVE-2017-8831", "CVE-2017-14106", "CVE-2017-9075", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-8924", "CVE-2017-12192", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-12153", "CVE-2017-8925", "CVE-2017-6346", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-1000365", "CVE-2017-8890"], "modified": "2017-10-30T19:23:22", "id": "SUSE-SU-2017:2908-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00086.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-02T20:32:20", "description": "The SUSE Linux Enterprise 12 GA LTS kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n (bnc#1064388).\n - CVE-2015-9004: kernel/events/core.c in the Linux kernel mishandled\n counter grouping, which allowed local users to gain privileges via a\n crafted application, related to the perf_pmu_register and\n perf_event_open functions (bnc#1037306).\n - CVE-2016-10229: udp.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via UDP traffic that triggers an unsafe second\n checksum calculation during execution of a recv system call with the\n MSG_PEEK flag (bnc#1032268).\n - CVE-2016-9604: The handling of keyrings starting with '.' in\n KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to\n manipulate privileged keyrings, was fixed (bsc#1035576)\n - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. 
Due to a\n missing bounds check, and the fact that parport_ptr integer is static, a\n 'secure boot' kernel command line adversary (can happen due to\n bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a\n vulnerability the adversary has partial control over the command line)\n can overflow the parport_nr array in the following code, by appending\n many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. (bnc#1039354).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a read and an ioctl\n happen at the same time (bnc#1044125).\n - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel\n allowed local users to gain privileges or cause a denial of service\n (list corruption or use-after-free) via simultaneous file-descriptor\n operations that leverage improper might_cancel queueing (bnc#1053152).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bnc#1048275).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel. This function did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled\n buffer is copied into a local buffer of constant size using strcpy\n without a length check which can cause a buffer overflow. (bnc#1053148).\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the\n Linux kernel allowed local users to cause a denial of service\n (__tcp_select_window divide-by-zero error and system crash) by\n triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux\n kernel doesn't check the effective uid of the target process, enabling a\n local attacker to learn the memory layout of a setuid executable despite\n ASLR (bnc#1057179).\n - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed\n local users to have unspecified impact via vectors related to\n /dev/snd/seq (bnc#1062520).\n - CVE-2017-15274: 
security/keys/keyctl.c in the Linux kernel did not\n consider the case of a NULL payload in conjunction with a nonzero length\n value, which allowed local users to cause a denial of service (NULL\n pointer dereference and OOPS) via a crafted add_key or keyctl system\n call, a different vulnerability than CVE-2017-12192 (bnc#1045327).\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (NULL pointer\n dereference and system crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c (bnc#1030593).\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type (bnc#1029850).\n - CVE-2017-7482: A potential memory corruption was fixed in decoding of\n krb5 principals in the kernel's Kerberos handling. (bnc#1046107).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug\n exception (#DB) error. 
It could occur while emulating a syscall\n instruction and potentially lead to guest privilege escalation.\n (bsc#1045922).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-7889: The mm subsystem in the Linux kernel did not properly\n enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed\n local users to read or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access restrictions) via an\n application that opens the /dev/mem file, related to arch/x86/mm/init.c\n and drivers/char/mem.c (bnc#1034405).\n - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the\n Linux kernel 3.12 allowed privileged KVM guest OS users to cause a\n denial of service (NULL pointer dereference and host OS crash) via a\n single-context INVEPT instruction with a NULL EPT pointer (bnc#1035877).\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - 
CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1037182\n bsc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1037183\n bsc#1038981).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data 
structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n\n The following non-security bugs were fixed:\n\n - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,\n bsc#984779, bsc#1008353, bsc#1017941).\n - dm-mpath: always return reservation conflict. bsc#938162\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - kabi: avoid bogus kabi errors in ip_output.c (bsc#1041958).\n - keys: Disallow keyrings beginning with '.' to be joined as session\n keyrings (bnc#1035576).\n - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1039348).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670 CVE#2017-7645).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670 CVE#2017-7645).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670\n CVE#2017-7645).\n - printk: prevent userland from spoofing kernel messages (bsc#1039721).\n - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).\n - tcp: do not inherit fastopen_req from parent (bsc#1038544).\n - udp: disallow UFO for sockets with SO_NO_CHECK option (bsc#1041958).\n - usb: wusbcore: fix NULL-deref at probe (bsc#1045487).\n - vsock: Detach QP check should filter out non matching QPs (bsc#1036752\n bsc#1047408).\n - vsock: Fix lockdep issue (bsc#977417 bsc#1047408).\n - vsock: sock_put wasn't safe to call in interrupt context (bsc#977417\n bsc#1047408).\n - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present\n (bsc#1058524).\n\n", "cvss3": {}, "published": "2017-11-02T18:12:40", "type": "suse", 
"title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2016-10277", "CVE-2017-11176", "CVE-2017-14051", "CVE-2017-1000380", "CVE-2017-13080", "CVE-2017-15274", "CVE-2017-12762", "CVE-2017-15265", "CVE-2017-7889", "CVE-2017-9074", "CVE-2017-7518", "CVE-2017-15649", "CVE-2017-9242", "CVE-2017-8831", "CVE-2017-14106", "CVE-2017-9075", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-8924", "CVE-2017-12192", "CVE-2017-7482", "CVE-2017-7541", "CVE-2015-9004", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-12153", "CVE-2017-8925", "CVE-2017-6346", "CVE-2016-10229", "CVE-2017-8106", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-1000365", "CVE-2017-8890"], "modified": "2017-11-02T18:12:40", "id": "SUSE-SU-2017:2920-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T18:33:11", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not properly copy a\n certain string, which allowed local users to obtain sensitive\n information from kernel stack memory by reading a Netlink message\n (bnc#983212)\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415)\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or 
cause a denial of service (NULL pointer\n dereference and system crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c (bsc#1030593).\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel was too late in obtaining a certain lock and consequently could\n not ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914)\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bsc#1024938)\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bsc#1025235)\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel 
allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722)\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly managed lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178)\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1027066)\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type (bsc#1029850).\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573)\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function (bnc#1030213)\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n 
possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052)\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted system calls\n (bnc#1031579)\n - CVE-2017-7482: Several missing length checks ticket decode allowing for\n information leak or potentially code execution (bsc#1046107).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bsc#1038879).\n - CVE-2017-7533: Race condition in the fsnotify implementation in the\n Linux kernel allowed local users to gain privileges or cause a denial of\n service (memory corruption) via a crafted application that leverages\n simultaneous execution of the inotify_handle_event and vfs_rename\n functions (bnc#1049483 1050677 ).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive 
information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bsc#1033336)\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability. This requires\n a malicious PCI Card. (bnc#1037994).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038544).\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1037182).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1039883).\n - CVE-2017-9076: 
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1040069).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel was too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel\n allowed local users to gain privileges or cause a denial of service\n (list corruption or use-after-free) via simultaneous file-descriptor\n operations that leverage improper might_cancel queueing (bnc#1053152).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bnc#1048275).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled\n buffer is copied into a local buffer of constant size using strcpy\n without a length check which can cause a buffer overflow. 
(bnc#1053148).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-1000112: Fixed a race condition in net-packet code that could\n have been exploited by unprivileged users to gain root access.\n (bsc#1052311).\n - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a\n missing bounds check, and the fact that parport_ptr integer is static, a\n 'secure boot' kernel command line adversary could have overflowed the\n parport_nr array in the following code (bnc#1039456).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation (bnc#1039354).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a read and an ioctl\n happen at the same time (bnc#1044125).\n\n The following non-security bugs were fixed:\n\n - acpi: Disable APEI error injection if securelevel is set (bsc#972891,\n bsc#1023051).\n - blkback/blktap: do not leak stack data via response ring (bsc#1042863\n XSA-216).\n - btrfs: cleanup code of btrfs_balance_delayed_items() (bsc#1034838).\n - btrfs: do not run delayed nodes again after all nodes flush\n (bsc#1034838).\n - btrfs: remove btrfs_end_transaction_dmeta() (bsc#1034838).\n - btrfs: remove residual code in delayed inode async helper (bsc#1034838).\n - btrfs: use flags instead of the bool variants in delayed node\n (bsc#1034838).\n - cifs: cifs_get_root 
shouldn't use path with tree name, alternate fix\n (bsc#963655, bsc#979681, bsc#1027406).\n - dentry name snapshots (bsc#1049483).\n - firmware: fix directory creation rule matching with make 3.80\n (bsc#1012422).\n - firmware: fix directory creation rule matching with make 3.82\n (bsc#1012422).\n - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562) (bsc#948562).\n - hv: do not lose pending heartbeat vmbus packets (bnc#1006919,\n bnc#1053760).\n - jbd: do not wait (forever) for stale tid caused by wraparound\n (bsc#1020229).\n - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).\n - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)\n - keys: Disallow keyrings beginning with '.' to be joined as session\n keyrings (bnc#1035576).\n - nfs: Avoid getting confused by confused server (bsc#1045416).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: do not risk using duplicate owner/file/delegation ids\n (bsc#1029212).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - nfs: Make nfs_readdir revalidate less often (bsc#1048232).\n - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990).\n - pciback: only check PF if actually dealing with a VF (bsc#999245).\n - pciback: Save the number of MSI-X entries to be copied later\n (bsc#957988).\n - Remove superfluous make flags (bsc#1012422)\n - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).\n - Revert "fs/cifs: fix wrongly prefixed path to root (bsc#963655,\n bsc#979681)\n - scsi: lpfc: avoid double free of resource identifiers (bsc#989896).\n - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880).\n - sunrpc: Clean up the slot table allocation (bsc#1013862).\n - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862).\n - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).\n - usb: wusbcore: fix NULL-deref at 
probe (bsc#1045487).\n - Use make --output-sync feature when available (bsc#1012422).\n - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).\n - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).\n\n", "cvss3": {}, "published": "2017-09-19T15:07:27", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-14051", "CVE-2017-7261", "CVE-2017-7184", "CVE-2017-1000380", "CVE-2017-6074", "CVE-2017-7616", "CVE-2017-12762", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-8831", "CVE-2017-2671", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-7533", "CVE-2017-7294", "CVE-2017-6348", "CVE-2017-10661", "CVE-2017-8924", "CVE-2017-1000112", "CVE-2016-5243", "CVE-2017-6214", "CVE-2017-7482", "CVE-2017-7308", "CVE-2017-5669", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-8925", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-1000365", "CVE-2017-8890"], "modified": "2017-09-19T15:07:27", "id": "SUSE-SU-2017:2525-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00073.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-05T00:36:41", "description": "The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local\n users to gain privileges via a large filesystem stack that includes an\n overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c\n (bsc#1032340).\n - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous\n pages, which allowed local users to gain privileges or cause a denial of\n service (page tainting) via a crafted application that triggers writing\n 
to page zero (bnc#979021).\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not\n verify that a setkey operation has been performed on an AF_ALG socket\n before an accept system call is processed, which allowed local users to\n cause a denial of service (NULL pointer dereference and system crash)\n via a crafted application that did not supply a key, related to the\n lrw_crypt function in crypto/lrw.c (bnc#1008374 bsc#1008850).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970956).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE\n setsockopt implementations in the netfilter subsystem in the Linux\n kernel allow local users to gain privileges or cause a denial of service\n (memory corruption) by leveraging in-container root access to provide a\n crafted offset value that triggers an unintended decrement (bnc#986362).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986365).\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not properly 
copy a\n certain string, which allowed local users to obtain sensitive\n information from kernel stack memory by reading a Netlink message\n (bnc#983212).\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n - CVE-2017-1000363: A buffer overflow in kernel commandline handling of\n the "lp" parameter could be used to bypass certain secure boot settings.\n (bnc#1039456).\n - CVE-2017-1000364: An issue was discovered in the size of the stack guard\n page on Linux, specifically a 4k stack guard page is not sufficiently\n large and can be "jumped" over (the stack guard page is bypassed), this\n affects Linux Kernel versions 4.11.5 and earlier (the stackguard page\n was introduced in 2010) (bnc#1039348).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation (bnc#1039354).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a read and an ioctl\n happen at the same time (bnc#1044125).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. 
During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bnc#1048275).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bsc#1049603).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565\n bsc#1028372).\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (NULL pointer\n dereference and system crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c (bnc#1030593).\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel is too late in obtaining a certain lock and consequently cannot\n ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n - CVE-2017-5986: Race condition in 
the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bnc#1025235).\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024 bsc#1033287).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly manages lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. 
NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1027066).\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type (bnc#1029850).\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function (bnc#1030213).\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052).\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n - CVE-2017-7308: The packet_set_ring function 
in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (integer\n signedness error and out-of-bounds write), or gain privileges (if the\n CAP_NET_RAW capability is held), via crafted system calls (bnc#1031579).\n - CVE-2017-7482: Fixed a potential overflow in the net/rxrpc where a\n padded len isn't checked in ticket decode (bsc#1046107).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-7533: Race condition in the fsnotify implementation in the\n Linux kernel allowed local users to gain privileges or cause a denial of\n service (memory corruption) via a crafted application that leverages\n simultaneous execution of the inotify_handle_event and vfs_rename\n functions (bsc#1049483).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bsc#1049882).\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bnc#1033336).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users 
to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1037182\n bsc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1037183\n bsc#1038981).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls 
(bnc#1041431).\n\n The following non-security bugs were fixed:\n\n - 8250: use callbacks to access UART_DLL/UART_DLM.\n - acpi: Disable APEI error injection if securelevel is set (bsc#972891,\n bsc#1023051).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - alsa: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).\n - alsa: hda - Fix regression of HD-audio controller fallback modes\n (bsc#1045538).\n - alsa: hda/realtek - Correction of fixup codes for PB V7900 laptop\n (bsc#1045538).\n - alsa: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup\n (bsc#1045538).\n - alsa: hda - using uninitialized data (bsc#1045538).\n - alsa: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).\n - alsa: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).\n - ath9k: fix buffer overrun for ar9287 (bsc#1045538).\n - __bitmap_parselist: fix bug in empty string handling (bnc#1042633).\n - blacklist.conf: Add a few inapplicable items (bsc#1045538).\n - blacklist.conf: blacklisted 1fe89e1b6d27 (bnc#1046122)\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - block: fix ext_dev_lock lockdep report (bsc#1050154).\n - btrfs: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - cifs: backport prepath matching fix (bsc#799133).\n - cifs: don't compare uniqueids in cifs_prime_dcache unless server inode\n numbers are in use (bsc#1041975).\n - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).\n - cifs: Timeout on SMBNegotiate request (bsc#1044913).\n - clocksource: Remove "weak" from clocksource_default_clock() declaration\n (bnc#1013018).\n - cputime: Avoid multiplication overflow on utime scaling (bnc#938352).\n - crypto: nx - off by one bug in nx_of_update_msc()\n (fate#314588,bnc#792863).\n - decompress_bunzip2: off by one in get_next_block() (git-fixes).\n - devres: fix a for loop bounds check (git-fixes).\n - dlm: backport "fix lvb 
invalidation conditions" (bsc#1005651).\n - dm: fix ioctl retry termination with signal (bsc#1050154).\n - drm/mgag200: Add support for G200eH3 (bnc#1044216, fate#323551)\n - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81)\n - edac, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()\n (fate#313937).\n - enic: set skb->hash type properly (bsc#911105 FATE#317501).\n - ext2: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ext3: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: fix fdatasync(2) after extent manipulation operations\n (bsc#1013018).\n - ext4: fix mballoc breakage with 64k block size (bsc#1013018).\n - ext4: fix stack memory corruption with 64k block size (bsc#1013018).\n - ext4: keep existing extra fields when inode expands (bsc#1013018).\n - ext4: reject inodes with negative size (bsc#1013018).\n - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).\n - firmware: fix directory creation rule matching with make 3.80\n (bsc#1012422).\n - firmware: fix directory creation rule matching with make 3.82\n (bsc#1012422).\n - fixed invalid assignment of 64bit mask to host dma_boundary for scatter\n gather segment boundary limit (bsc#1042045).\n - Fix soft lockup in svc_rdma_send (bsc#1044854).\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n - fnic: Using rport->dd_data to check rport online instead of rport_lookup\n (bsc#1035920).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr\n (bsc#1013018).\n - fuse: add missing FR_FORCE (bsc#1013018).\n - fuse: initialize fc->release before calling it (bsc#1013018).\n - genirq: Prevent proc race against freeing of irq descriptors\n (bnc#1044230).\n - hrtimer: Allow concurrent hrtimer_start() for self 
restarting timers\n (bnc#1013018).\n - i40e: avoid null pointer dereference (bsc#909486 FATE#317393).\n - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561).\n - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx\n (bsc#985561).\n - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561).\n - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per\n packet (bsc#985561).\n - i40e/i40evf: Rewrite logic for 8 descriptor per packet check\n (bsc#985561).\n - i40e: Impose a lower limit on gso size (bsc#985561).\n - i40e: Limit TX descriptor count in cases where frag size is greater than\n 16K (bsc#985561).\n - ib/mlx4: Demote mcg message from warning to debug (bsc#919382).\n - ib/mlx4: Fix ib device initialization error flow (bsc#919382).\n - ib/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).\n - ib/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).\n - ib/mlx4: Reduce SRIOV multicast cleanup warning message to debug level\n (bsc#919382).\n - ib/mlx4: Set traffic class in AH (bsc#919382).\n - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE\n operation (bsc#1036288).\n - initial cr0 bits (bnc#1036056, LTC#153612).\n - input: cm109 - validate number of endpoints before using them\n (bsc#1037193).\n - input: hanwang - validate number of endpoints before using them\n (bsc#1037232).\n - input: yealink - validate number of endpoints before using them\n (bsc#1037227).\n - ipmr, ip6mr: fix scheduling while atomic and a deadlock with\n ipmr_get_route (git-fixes).\n - irq: Fix race condition (bsc#1042615).\n - isdn/gigaset: fix NULL-deref at probe (bsc#1037356).\n - isofs: Do not return EACCES for unknown filesystems (bsc#1013018).\n - jbd: do not wait (forever) for stale tid caused by wraparound\n (bsc#1020229).\n - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).\n - jsm: add support for additional Neo cards (bsc#1045615).\n - kabi fix (bsc#1008893).\n - kABI: mask struct 
xfs_icdinode change (bsc#1024788).\n - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508).\n - kabi:severeties: Add splice_write_to_file PASS This function is part of\n an xfs-specific fix which never went upstream and is not expected to\n have 3rdparty users other than xfs itself.\n - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)\n - keys: Disallow keyrings beginning with '.' to be joined as session\n keyrings (bnc#1035576).\n - kvm: kvm_io_bus_unregister_dev() should never fail.\n - libata: fix sff host state machine locking while polling (bsc#1045525).\n - libceph: NULL deref on crush_decode() error path (bsc#1044015).\n - libceph: potential NULL dereference in ceph_msg_data_create()\n (bsc#1051515).\n - libfc: fixup locking in fc_disc_stop() (bsc#1029140).\n - libfc: move 'pending' and 'requested' setting (bsc#1029140).\n - libfc: only restart discovery after timeout if not already running\n (bsc#1029140).\n - lockd: use init_utsname for id encoding (bsc#1033804).\n - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804).\n - locking/rtmutex: Prevent dequeue vs. 
unlock race (bnc#1013018).\n - math64: New div64_u64_rem helper (bnc#938352).\n - md: ensure md devices are freed before module is unloaded (git-fixes).\n - md: fix a null dereference (bsc#1040351).\n - md: flush ->event_work before stopping array (git-fixes).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - md/linear: shutup lockdep warnning (bsc#1018446).\n - md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status\n (git-fixes).\n - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).\n - md/raid1: extend spinlock to protect raid1_end_read_request against\n inconsistencies (git-fixes).\n - md/raid1: fix test for 'was read error from last working device'\n (git-fixes).\n - md/raid5: do not record new size if resize_stripes fails (git-fixes).\n - md/raid5: Fix CPU hotplug callback registration (git-fixes).\n - md: use separate bio_pool for metadata writes (bsc#1040351).\n - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).\n - mlx4: reduce OOM risk on arches with large pages (bsc#919382).\n - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore\n (bsc#1045547).\n - mmc: ushc: fix NULL-deref at probe (bsc#1037191).\n - mm: do not collapse stack gap into THP (bnc#1039348)\n - mm: enlarge stack guard gap (bnc#1039348).\n - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM\n Functionality, bsc#1042832).\n - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM\n Functionality, bsc#1042832).\n - mm/memory-failure.c: use compound_head() flags for huge pages\n (bnc#971975 VM -- git fixes).\n - mm/mempolicy.c: do not put mempolicy before using its nodemask\n (References: VM Performance, bnc#931620).\n - mm, mmap: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1039348, bnc#1045340, bnc#1045406).\n - module: fix memory leak on early load_module() failures (bsc#1043014).\n - Move nr_cpus_allowed into a hole in struct_sched_entity 
instead of the\n one below task_struct.policy. RT fills the hole 29baa7478ba4 used, which\n will screw up kABI for RT instead of curing the space needed problem in\n sched_rt_entity caused by adding ff77e4685359. This leaves\n nr_cpus_allowed in an odd spot, but safely allows the RT entity specific\n data added by ff77e4685359 to reside where it belongs. nr_cpus_allowed\n just moves from one odd spot to another.\n - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).\n - net: avoid reference counter overflows on fib_rules in multicast\n forwarding (git-fixes).\n - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV\n (bsc#919382).\n - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to\n physical (bsc#919382).\n - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on\n new probed PFs (bsc#919382).\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to\n VGT transitions (bsc#919382).\n - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).\n - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).\n - net/mlx4_core: Use-after-free causes a resource leak in flow-steering\n detach (bsc#919382).\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs\n (bsc#919382).\n - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).\n - net/mlx4_en: Change the error print to debug print (bsc#919382).\n - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).\n - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).\n - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).\n - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).\n - net/mlx4: Fix the check in attaching steering rules (bsc#919382).\n - net/mlx4: Fix uninitialized fields in 
rule when adding promiscuous mode\n to device managed flow steering (bsc#919382).\n - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).\n - netxen_nic: set rcode to the return status from the call to\n netxen_issue_cmd (bnc#784815 FATE#313898).\n - nfs: Avoid getting confused by confused server (bsc#1045416).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: do not risk using duplicate owner/file/delegation ids\n (bsc#1029212).\n - nfsd: Don't use state id of 0 - it is reserved (bsc#1049688 bsc#1051770).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - nfs: Fix another OPEN_DOWNGRADE bug (git-next).\n - nfs: fix nfs_size_to_loff_t (git-fixes).\n - nfs: Fix size of NFSACL SETACL operations (git-fixes).\n - nfs: Make nfs_readdir revalidate less often (bsc#1048232).\n - nfs: tidy up nfs_show_mountd_netid (git-fixes).\n - nfsv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).\n - nfsv4: Fix another bug in the close/open_downgrade code (git-fixes).\n - nfsv4: fix getacl head length estimation (git-fixes).\n - nfsv4: Fix problems with close in the presence of a delegation\n (git-fixes).\n - nfsv4: Fix the underestimation of delegation XDR space reservation\n (git-fixes).\n - ocfs2: do not write error flag to user structure we cannot copy from/to\n (bsc#1013018).\n - ocfs2: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).\n - ocfs2: fix error return code in ocfs2_info_handle_freefrag()\n (bsc#1013018).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - ocfs2: null deref on allocation error (bsc#1013018).\n - pci: Allow access to VPD attributes with size 0 (bsc#1018074).\n - pciback: only check PF if actually dealing with a VF (bsc#999245).\n - pciback: use pci_physfn() (bsc#999245).\n - pci: Fix devfn for VPD 
access through function 0 (bnc#943786 git-fixes).\n - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).\n - perf/core: Fix event inheritance on fork() (bnc#1013018).\n - posix-timers: Fix stack info leak in timer_create() (bnc#1013018).\n - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting\n smt_snooze_delay (bsc#1023163).\n - powerpc: Drop support for pre-POWER4 cpus (fate#322495, bsc#1032471).\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM\n (bsc#1032141).\n - powerpc/fadump: Update fadump documentation (bsc#1032141).\n - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET\n (bsc#928138,fate#319026).\n - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()\n (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Convert mask to unsigned long (fate#322495,\n bsc#1032471).\n - powerpc/mm/hash: Increase VA range to 128TB (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID\n (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Support 68 bit VA (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Use context ids 1-4 for the kernel (fate#322495,\n bsc#1032471).\n - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Convert slice_mask high slice to a bitmap\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Fix off-by-1 error when computing slice mask\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Move slice_mask struct definition to slice.c\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Update slice mask printing to use bitmap printing\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Update the function prototype (fate#322495,\n bsc#1032471).\n - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital\n (fate#322495, bsc#1032471).\n - powerpc/nvram: Fix an incorrect partition merge 
(bsc#1016489).\n - powerpc/pseries: Release DRC when configure_connector fails\n (bsc#1035777, Pending Base Kernel Fixes).\n - powerpc: Remove STAB code (fate#322495, bsc#1032471).\n - powerpc/vdso64: Use double word compare on pointers (bsc#1016489).\n - raid1: avoid unnecessary spin locks in I/O barrier code\n (bsc#982783,bsc#1026260).\n - random32: fix off-by-one in seeding requirement (git-fixes).\n - rcu: Call out dangers of expedited RCU primitives (bsc#1008893).\n - rcu: Direct algorithmic SRCU implementation (bsc#1008893).\n - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893).\n - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893).\n - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893).\n - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893).\n - reiserfs: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - reiserfs: don't preallocate blocks for extended attributes (bsc#990682).\n - Remove patches causing regression (bsc#1043234)\n - Remove superfluous make flags (bsc#1012422)\n - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).\n - Revert "kabi:severeties: Add splice_write_to_file PASS" This reverts\n commit 05ecf7ab16b2ea555fadd1ce17d8177394de88f2.\n - Revert "math64: New div64_u64_rem helper" (bnc#938352).\n - Revert "xfs: fix up xfs_swap_extent_forks inline extent handling\n (bsc#1023888)." I was basing my assumption of SLE11-SP4 needing this\n patch on an old kernel build (3.0.101-63). Re-testing with the latest\n one 3.0.101-94 shows that the issue is not present. Furthermore this one\n was causing some crashes. 
This reverts commit\n 16ceeac70f7286b6232861c3170ed32e39dcc68c.\n - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).\n - s390/kmsg: add missing kmsg descriptions (bnc#1025702, LTC#151573).\n - s390/qdio: clear DSCI prior to scanning multiple input queues\n (bnc#1046715, LTC#156234).\n - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).\n - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).\n - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702, LTC#152144).\n - s390/zcrypt: Introduce CEX6 toleration (FATE#321782, LTC#147505).\n - sched: Always initialize cpu-power (bnc#1013018).\n - sched: Avoid cputime scaling overflow (bnc#938352).\n - sched: Avoid prev->stime underflow (bnc#938352).\n - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018).\n - sched/core: Remove false-positive warning from wake_up_process()\n (bnc#1044882).\n - sched/cputime: Do not scale when utime == 0 (bnc#938352).\n - sched/debug: Print the scheduler topology group mask (bnc#1013018).\n - sched: Do not account bogus utime (bnc#938352).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).\n - sched/fair: Fix min_vruntime tracking (bnc#1013018).\n - sched: Fix domain iteration (bnc#1013018).\n - sched: Fix SD_OVERLAP (bnc#1013018).\n - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded\n systems (bnc#1013018).\n - sched: Lower chances of cputime scaling overflow (bnc#938352).\n - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'\n (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime\n tracking\n - sched: Rename a misleading variable in build_overlap_sched_groups()\n (bnc#1013018).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). 
Prep\n for b60205c7c558 sched/fair: Fix min_vruntime tracking\n - sched/topology: Fix building of overlapping sched-groups (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_mask (bnc#1013018).\n - sched/topology: Move comment about asymmetric node setups (bnc#1013018).\n - sched/topology: Optimize build_group_mask() (bnc#1013018).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1013018).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1013018).\n - sched: Use swap() macro in scale_stime() (bnc#938352).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: fix race between simultaneous decrements of ->host_failed\n (bsc#1050154).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: mvsas: fix command_active typo (bsc#1050154).\n - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init\n (bsc#1050154).\n - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880).\n - scsi: zfcp: do not trace pure benign residual HBA responses at default\n level (bnc#1025702, LTC#151317).\n - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702,\n LTC#151319).\n - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on\n failed send (bnc#1025702, LTC#151365).\n - scsi: zfcp: fix use-after-"free" in FC ingress path after TMF\n (bnc#1025702, LTC#151312).\n - sfc: do not device_attach if a reset is pending (bsc#909618 FATE#317521).\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - splice: Stub splice_write_to_file (bsc#1043234).\n - sunrpc: Clean up the slot table allocation (bsc#1013862).\n - 
sunrpc: Fix a memory leak in the backchannel code (git-fixes).\n - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862).\n - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).\n - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).\n - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).\n - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).\n - udf: Fix races with i_size changes during readpage (bsc#1013018).\n - Update metadata for serial fixes (bsc#1013070)\n - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).\n - usb: cdc-acm: fix broken runtime suspend (bsc#1033771).\n - usb: cdc-acm: fix open and suspend race (bsc#1033771).\n - usb: cdc-acm: fix potential urb leak and PM imbalance in write\n (bsc#1033771).\n - usb: cdc-acm: fix runtime PM for control messages (bsc#1033771).\n - usb: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).\n - usb: cdc-acm: fix shutdown and suspend race (bsc#1033771).\n - usb: cdc-acm: fix write and resume race (bsc#1033771).\n - usb: cdc-acm: fix write and suspend race (bsc#1033771).\n - usb: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).\n - usb: class: usbtmc: do not print error when allocating urb fails\n (bsc#1036288).\n - usb: class: usbtmc: do not print on ENOMEM (bsc#1036288).\n - usb: hub: Fix crash after failure to read BOS descriptor (FATE#317453).\n - usb: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).\n - usb: iowarrior: fix NULL-deref in write (bsc#1037359).\n - usb: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).\n - usb: serial: ark3116: fix register-accessor error handling (git-fixes).\n - usb: serial: ch341: fix open error handling (bsc#1037441).\n - usb: serial: cp210x: fix tiocmget error handling (bsc#1037441).\n - usb: 
serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).\n - usb: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).\n - usb: serial: io_ti: fix information leak in completion handler\n (git-fixes).\n - usb: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).\n - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).\n - usb: serial: mos7720: fix NULL-deref at open (bsc#1033816).\n - usb: serial: mos7720: fix parallel probe (bsc#1033816).\n - usb: serial: mos7720: fix parport use-after-free on probe errors\n (bsc#1033816).\n - usb: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).\n - usb: serial: mos7840: fix another NULL-deref at open (bsc#1034026).\n - usb: serial: mos7840: fix NULL-deref at open (bsc#1034026).\n - usb: serial: oti6858: fix NULL-deref at open (bsc#1037441).\n - usb: serial: sierra: fix bogus alternate-setting assumption\n (bsc#1037441).\n - usb: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).\n - usbtmc: remove redundant braces (bsc#1036288).\n - usbtmc: remove trailing spaces (bsc#1036288).\n - usb: usbip: fix nonconforming hub descriptor (bsc#1047487).\n - usb: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).\n - usb: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).\n - usb: usbtmc: add missing endpoint sanity check (bsc#1036288).\n - usb: usbtmc: Change magic number to constant (bsc#1036288).\n - usb: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).\n - usb: usbtmc: fix DMA on stack (bsc#1036288).\n - usb: usbtmc: fix probe error path (bsc#1036288).\n - usb: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).\n - usb: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).\n - usb: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk\n (bsc#1036288).\n - usbvision: fix NULL-deref at probe (bsc#1050431).\n - usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL\n (bsc#1023014).\n - Use make 
--output-sync feature when available (bsc#1012422). The messages\n in make output can interleave making it impossible to extract warnings\n reliably. Since version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing this issue.\n Detect the flag and use it if available. SLE11 has make 3.81 so it is\n required to include make 4 in the kernel OBS projects to take advantage\n of this.\n - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).\n - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).\n - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).\n - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).\n - vfs: split generic splice code from i_mutex locking (bsc#1024788).\n - vmxnet3: avoid calling pskb_may_pull with interrupts disabled\n (bsc#1045356).\n - vmxnet3: fix checks for dma mapping errors (bsc#1045356).\n - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770).\n - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates\n (bsc#948562).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0\n (bsc#1051478).\n - xen: avoid deadlock in xenbus (bnc#1047523).\n - xen-blkfront: correct maximum segment accounting (bsc#1018263).\n - xen-blkfront: do not call talk_to_blkback when already connected to\n blkback.\n - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.\n - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).\n - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1024508).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix buffer overflow 
dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: Fix lock ordering in splice write (bsc#1024788).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: kill xfs_itruncate_start (bsc#1024788).\n - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).\n - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788).\n - xfs: remove the i_size field in struct xfs_inode (bsc#1024788).\n - xfs: remove xfs_itruncate_data (bsc#1024788).\n - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).\n - xfs: split xfs_itruncate_finish (bsc#1024788).\n - xfs: split xfs_setattr (bsc#1024788).\n - xfs: Synchronize xfs_buf disposal routines (bsc#1041160).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).\n\n", "cvss3": {}, "published": "2017-09-04T21:11:06", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-7261", "CVE-2017-7184", "CVE-2017-1000380", "CVE-2017-6074", "CVE-2016-7117", "CVE-2017-7616", "CVE-2015-3288", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-7533", "CVE-2017-7294", "CVE-2017-6348", "CVE-2017-8924", "CVE-2015-8970", "CVE-2016-5243", "CVE-2017-6214", "CVE-2017-1000364", "CVE-2017-7482", "CVE-2014-9922", "CVE-2016-4997", "CVE-2017-7308", "CVE-2017-5669", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-8925", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-1000365", "CVE-2017-8890", "CVE-2016-4998", "CVE-2016-2188"], "modified": "2017-09-04T21:11:06", "id": "SUSE-SU-2017:2342-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00009.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-07T16:49:24", "description": "This update for the Linux Kernel 4.4.59-92_24 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept 
system call (bsc#1038564).\n\n The following non-security bug was fixed:\n\n - Fix for a btrfs deadlock between btrfs-cleaner and user space thread\n regression, which could cause spurious WARN_ON's from\n fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups\n are enabled. (bsc#1047518)\n\n", "cvss3": {}, "published": "2017-08-07T15:16:21", "type": "suse", "title": "Security update for Linux Kernel Live Patch 9 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-07T15:16:21", "id": "SUSE-SU-2017:2066-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-07T16:49:24", "description": "This update for the Linux Kernel 4.4.49-92_14 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. 
This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-07T15:20:40", "type": "suse", "title": "Security update for Linux Kernel Live Patch 6 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-07T15:20:40", "id": "SUSE-SU-2017:2070-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00015.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-07T16:49:24", "description": "This update for the Linux Kernel 4.4.59-92_17 fixes several issues.\n\n The following 
security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n The following non-security bug was fixed:\n\n - Fix for a btrfs deadlock between btrfs-cleaner and user space thread\n regression, which could cause spurious WARN_ON's from\n fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups\n are enabled. 
(bsc#1047518)\n\n", "cvss3": {}, "published": "2017-08-07T15:13:41", "type": "suse", "title": "Security update for Linux Kernel Live Patch 7 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-07T15:13:41", "id": "SUSE-SU-2017:2064-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-04T22:24:02", "description": "This update for the Linux Kernel 4.4.59-92_20 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. 
This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n The following non-security bug was fixed:\n\n - Fix for a btrfs deadlock between btrfs-cleaner and user space thread\n regression, which could cause spurious WARN_ON's from\n fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups\n are enabled. 
(bsc#1047518)\n\n", "cvss3": {}, "published": "2017-08-04T21:09:28", "type": "suse", "title": "Security update for Linux Kernel Live Patch 8 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-04T21:09:28", "id": "SUSE-SU-2017:2046-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T17:07:06", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bnc#1049483).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n\n The following non-security bugs were fixed:\n\n - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).\n - ALSA: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - Added sbitmap patch to blacklist.conf Add a patch "sbitmap: fix wakeup\n hang after sbq resize" to the blacklist.conf file because it is 
not\n needed in SLE 12 SP2.\n - Btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - Btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - Btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - Delete\n patches.drivers/0004-iommu-amd-reduce-delay-waiting-for-command-buffer-spac\n e. Remove the patch because it caused problems for users. See\n bsc#1048348.\n - Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n - IB/rxe: Fix kernel panic from skb destructor (bsc#1049361).\n - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - NFS: Cache aggressively when file is open for writing (bsc#1033587).\n - NFS: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - NFS: invalidate file size when taking a lock (git-fixes).\n - PCI / PM: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - PCI: Add Mellanox device IDs (bsc#1051478).\n - PCI: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - PCI: Enable ECRC only if device supports it (bsc#1051478).\n - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - PM / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - RDMA/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604\n FATE#321747).\n - README.BRANCH: Add Oliver as openSUSE-42.3 branch co-maintainer\n - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. 
Fix a\n stupid bug where the VCPU_REGS_TF shift was used as a mask.\n - Revert "Add "shutdown" to "struct class"." (kabi).\n - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).\n - Update patches.drivers/0011-hpsa-remove-abort-handler.patch (bsc#1022600\n fate#321928 bsc#1016119).\n - Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch\n (bsc#1043598, bsc#1036215).\n - apply mainline tags to some hyperv patches\n - arm64: kernel: restrict /dev/mem read() calls to linear region\n (bsc#1046651).\n - arm64: mm: remove page_mapping check in __sync_icache_dcache\n (bsc#1040347).\n - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI\n dependency') (bsc#1051478) This commit just removes an include and does\n not fix a real issue.\n - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()\n argument type') (bsc#1051478) Fixes only a compile-warning.\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI\n capability for all architectures') This only fixes machines not\n supported by our kernels.\n - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE\n - blacklist.conf: add 
inapplicable commits for wifi (bsc#1031717)\n - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup\n - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not\n applicable to SLE\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Fix front merge check (bsc#1051239).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).\n - cxgb4: fix a NULL dereference (bsc#1005778).\n - cxgb4: fix memory leak in init_one() (bsc#1005778).\n - dentry name snapshots (bsc#1049483).\n - device-dax: fix sysfs attribute deadlock (bsc#1048919).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - gcov: add support for gcc version >= 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - gfs2: fix flock panic issue (bsc#1012829).\n - hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).\n - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).\n - hv_netvsc: Fix the queue index computation in forwarding case\n (bsc#1048421).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n (bsc#1011913).\n - introduce the walk_process_tree() 
helper (bnc#1022476).\n - iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: pcie: fix command completion name debug (bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kABI: protect lwtunnel include in ip6_route.h (kabi).\n - kABI: protect struct iscsi_tpg_attrib (kabi).\n - kABI: protect struct tpm_chip (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919).\n - libnvdimm, region: fix flush hint detection crash (bsc#1048919).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1051048).\n - lightnvm: fix "warning: ‘ret’ may be used uninitialized"\n (FATE#319466).\n - md-cluster: Fix a memleak in an error handling path (bsc#1049289).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net/ena: switch to pci_alloc_irq_vectors (bsc#1047121).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx 
buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena 
driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146).\n - nvme: wwid_show: strip trailing 0-bytes (bsc#1048146).\n - nvmet: identify controller: improve standard compliance (bsc#1048146).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used\n (bsc#1049231).\n - powerpc: Add POWER9 
architected mode to cputable (bsc#1048916,\n fate#321439).\n - powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - qed: Add missing static/local dcbx info (bsc#1019695).\n - qed: Correct print in iscsi error-flow (bsc#1019695).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - reorder upstream commit d0c2c9973ecd net: use core MTU range checking in\n virt drivers\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706).\n - s390/kdump: remove code to create ELF notes in the crashed system\n (bsc#1049706).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: aacraid: Do not copy uninitialized stack memory to userspace\n (bsc#1048912).\n - scsi: aacraid: fix leak of 
data from stack back to userspace\n (bsc#1048912).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: lpfc: Add MDS Diagnostic support (bsc#1037838).\n - scsi: lpfc: Add auto EQ delay logic (bsc#1042257).\n - scsi: lpfc: Added recovery logic for running out of NVMET IO context\n resources (bsc#1037838).\n - scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838).\n - scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838).\n - scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux\n (bsc#1044623).\n - scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests\n (bsc#1037838).\n - scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type\n (bsc#1037838).\n - scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport\n state (bsc#1037838).\n - scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes\n (bsc#1037838).\n - scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623).\n - scsi: lpfc: Fix crash after firmware flash when IO is running\n (bsc#1044623).\n - scsi: lpfc: Fix crash doing IO with resets (bsc#1044623).\n - scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an\n abort request (bsc#1044623).\n - scsi: lpfc: Fix debugfs root inode "lpfc" not getting deleted on driver\n unload (bsc#1037838).\n - scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257).\n - scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404).\n - scsi: lpfc: Fix nvmet RQ resource needs for large block writes\n (bsc#1037838).\n - scsi: lpfc: Fix system crash when port is reset (bsc#1037838).\n - scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623).\n - scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838).\n - scsi: lpfc: Reduce time spent in IRQ for received NVME commands\n (bsc#1044623).\n - scsi: lpfc: Separate NVMET RQ buffer posting from IO resources\n SGL/iocbq/context (bsc#1037838).\n - scsi: lpfc: 
Separate NVMET data buffer pool fir ELS/CT (bsc#1037838).\n - scsi: lpfc: Vport creation is failing with "Link Down" error\n (bsc#1044623).\n - scsi: lpfc: fix refcount error on node list (bsc#1045404).\n - scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623).\n - scsi: lpfc: update version to 11.2.0.14 (bsc#1037838).\n - scsi: qedf: Fix a return value in case of error in\n 'qedf_alloc_global_queues' (bsc#1048912).\n - scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443).\n - scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443).\n - sfc: Add ethtool -m support for QSFP modules (bsc#1049619).\n - string.h: add memcpy_and_pad() (bsc#1048146).\n - timers: Plug locking race vs. timer migration (bnc#1022476).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - x86/platform/uv/BAU: Disable BAU on single hub configurations\n (bsc#1050320).\n - x86/platform/uv/BAU: Fix congested_response_us not taking effect\n (bsc#1050322).\n - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).\n - xfs: detect and trim torn writes during log recovery (bsc#1036215).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: refactor and open code log record crc check (bsc#1036215).\n - xfs: refactor log record start detection into a new helper (bsc#1036215).\n - xfs: return start block of first bad log record during recovery\n (bsc#1036215).\n - xfs: support a crc verification only log record pass 
(bsc#1036215).\n - xgene: Do not fail probe, if there is no clk resource for SGMII\n interfaces (bsc#1048501).\n\n", "cvss3": {}, "published": "2017-08-09T15:21:43", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542"], "modified": "2017-08-09T15:21:43", "id": "OPENSUSE-SU-2017:2112-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00032.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:21", "description": "This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-08T15:10:24", "type": "suse", "title": "Security update for Linux Kernel Live Patch 14 for SLE 12 SP1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-7533", "CVE-2017-8890"], 
"modified": "2017-08-08T15:10:24", "id": "SUSE-SU-2017:2091-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00019.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-07T16:49:24", "description": "This update for the Linux Kernel 4.4.21-69 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related 
issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-07T15:11:15", "type": "suse", "title": "Security update for Linux Kernel Live Patch 0 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-07T15:11:15", "id": "SUSE-SU-2017:2062-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00009.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-07T16:49:24", "description": "This update for the Linux Kernel 4.4.38-93 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. 
This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-07T15:15:00", "type": "suse", "title": "Security update for Linux Kernel Live Patch 4 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-07T15:15:00", "id": "SUSE-SU-2017:2065-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00011.html", "cvss": 
{"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-04T22:24:02", "description": "This update for the Linux Kernel 4.4.21-90 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed 
attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-04T21:06:55", "type": "suse", "title": "Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-04T21:06:55", "id": "SUSE-SU-2017:2043-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00005.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-07T16:49:24", "description": "This update for the Linux Kernel 4.4.21-81 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly\n validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or\n LAYOUTGET operand in a UDP packet from a remote attacker. This type\n value is uninitialized upon encountering certain error conditions. 
This\n value is used as an array index for dereferencing, which leads to an\n OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system\n (bsc#1046202)\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "cvss3": {}, "published": "2017-08-07T15:17:40", "type": "suse", "title": "Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533", "CVE-2017-9077", "CVE-2017-8890", "CVE-2017-8797"], "modified": "2017-08-07T15:17:40", "id": "SUSE-SU-2017:2067-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00013.html", "cvss": 
{"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T17:07:07", "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bnc#1049483).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed\n attackers to cause a denial of service (memory consumption) by\n triggering object-initialization failures (bnc#1047277).\n\n The following non-security bugs were fixed:\n\n - acpi / processor: Avoid reserving IO regions too early (bsc#1051478).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - alsa: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - alsa: hda - Fix endless loop of codec configure (bsc#1031717).\n - alsa: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n - bcache: force 
trigger gc (bsc#1038078).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()\n - blacklist.conf:\n - blacklist.conf: 1151f838cb62 is high-risk and we're not aware of any\n systems that might need it in SP2.\n - blacklist.conf: 8b8642af15ed not a supported driver\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI\n dependency') (bsc#1051478) This commit just removes an include and does\n not fix a real issue.\n - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup\n - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()\n argument type') (bsc#1051478) Fixes only a compile-warning.\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI\n capability for all architectures') This only fixes machines not\n supported by our kernels.\n - blacklist.conf: build time cleanup our kernel compiles. 
No need to shut\n up warnings nobody looks at\n - blacklist.conf: cleanup, no bugs fixed\n - blacklist.conf: cxgb4 commit does not fit for SP2\n - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not\n applicable to SLE\n - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE\n - blacklist.conf: kABI breakage This touches struct device.\n - blacklist.conf: lp8788 is not compiled\n - blacklist.conf: unneeded Fixing debug statements on BE systems for IrDA\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Allow bdi re-registration (bsc#1040307).\n - block: Fix front merge check (bsc#1051239).\n - block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n - btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n - dentry name snapshots (bsc#1049483).\n - dm: fix second blk_delay_queue() parameter to be in msec units not\n (bsc#1047670).\n - drivers: hv: Fix the bug in generating the guest ID (fate#320485).\n - drivers: hv: util: Fix a typo 
(fate#320485).\n - drivers: hv: vmbus: Get the current time from the current clocksource\n (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (fate#320485, bnc#1044112).\n - drivers: hv: vmbus: Move the code to signal end of message (fate#320485).\n - drivers: hv: vmbus: Move the definition of generate_guest_id()\n (fate#320485).\n - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents\n (fate#320485).\n - drivers: hv: vmbus: Restructure the clockevents code (fate#320485).\n - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions\n (bsc#1031717).\n - drm/bochs: Implement nomodeset (bsc#1047096).\n - drm/i915/fbdev: Stop repeating tile configuration on stagnation\n (bsc#1031717).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n - gcov: add support for gcc version >= 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - gfs2: fix flock panic issue (bsc#1012829).\n - hrtimer: Catch invalid clockids again (bsc#1047651).\n - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,\n bnc#1044112, bnc#1042778, 
bnc#1029693).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_util: switch to using timespec64 (fate#320485).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n (bsc#1011913).\n - i40e: add hw struct local variable (bsc#1039915).\n - i40e: add private flag to control source pruning (bsc#1034075).\n - i40e: add VSI info to macaddr messages (bsc#1039915).\n - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).\n - i40e: delete filter after adding its replacement when converting\n (bsc#1039915).\n - i40e: do not add broadcast filter for VFs (bsc#1039915).\n - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1\n (bsc#1039915).\n - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter\n (bsc#1039915).\n - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast\n filter (bsc#1039915).\n - i40e: factor out addition/deletion of VLAN per each MAC address\n (bsc#1039915).\n - i40e: fix MAC filters when removing VLANs (bsc#1039915).\n - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan\n (bsc#1039915).\n - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: no need to check is_vsi_in_vlan before calling\n i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).\n - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan\n (bsc#1039915).\n - i40e: refactor i40e_update_filter_state to avoid passing aq_err\n (bsc#1039915).\n - 
i40e: refactor Rx filter handling (bsc#1039915).\n - i40e: Removal of workaround for simple MAC address filter deletion\n (bsc#1039915).\n - i40e: remove code to handle dev_addr specially (bsc#1039915).\n - i40e: removed unreachable code (bsc#1039915).\n - i40e: remove duplicate add/delete adminq command code for filters\n (bsc#1039915).\n - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid\n (bsc#1039915).\n - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan\n (bsc#1039915).\n - i40e: restore workaround for removing default MAC filter (bsc#1039915).\n - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n - i40e: store MAC/VLAN filters in a hash with the MAC Address as key\n (bsc#1039915).\n - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID\n (bsc#1039915).\n - i40e: when adding or removing MAC filters, correctly handle VLANs\n (bsc#1039915).\n - i40e: When searching all MAC/VLAN filters, ignore removed filters\n (bsc#1039915).\n - i40e: write HENA for VFs (bsc#1039915).\n - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value\n (bsc#1031717).\n - Input: gpio-keys - fix check for disabling unsupported keys\n (bsc#1031717).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: fix command completion name 
debug (bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kABI: protect lwtunnel include in ip6_route.h (kabi).\n - kABI: protect struct iscsi_tpg_attrib (kabi).\n - kABI: protect struct tpm_chip (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).\n - md: fix sleep in atomic (bsc#1040351).\n - mm: adaptive hash table scaling (bnc#1036303).\n - mm-adaptive-hash-table-scaling-v5 (bnc#1036303).\n - mm: call page_ext_init() after all struct pages are initialized (VM\n Debugging Functionality, bsc#1047048).\n - mm: drop HASH_ADAPT (bnc#1036303).\n - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,\n bsc#1042314).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - More Git-commit header fixups No functional change intended.\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features 
unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()\n (bsc#1042286).\n - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - nfs: Cache aggressively when file is open for writing (bsc#1033587).\n - nfs: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - nfs: invalidate file size when taking a lock (git-fixes).\n - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - pci: Add Mellanox device IDs (bsc#1051478).\n - pci: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - pci: dwc: Fix 
uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - pci: Enable ECRC only if device supports it (bsc#1051478).\n - PCI / PM: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - Pm / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - README.BRANCH: Add Oliver as openSUSE-42.2 branch co-maintainer\n - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a\n stupid bug where the VCPU_REGS_TF shift was used as a mask.\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"\n (bsc#1031717).\n - Revert "Add "shutdown" to "struct class"." 
(kabi).\n - Revert "kvm: x86: fix emulation of RSM and IRET instructions" (kabi).\n - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485,\n bnc#1044636).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sysctl: do not print negative flag for proc_douintvec (bnc#1046985).\n 
- timers: Plug locking race vs. timer migration (bnc#1022476).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - xen: allocate page for shared info page from low memory (bnc#1038616).\n - xen/balloon: do not online new memory initially (bnc#1028173).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress\n (git-fixes).\n - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n\n", "cvss3": {}, "published": "2017-08-09T15:08:18", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-10810", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542"], "modified": "2017-08-09T15:08:18", "id": "OPENSUSE-SU-2017:2110-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00031.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-19T14:21:07", "description": "USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. 
This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3344-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101155", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101155);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). 
(CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", 
pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:59", "description": "USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. 
A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3344-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101154);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3328-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. 
A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1018-gke\", pkgver:\"4.4.0-1018.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1022-aws\", pkgver:\"4.4.0-1022.31\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-raspi2\", pkgver:\"4.4.0-1061.69\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1063-snapdragon\", pkgver:\"4.4.0-1063.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1022.25\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.4.0.1018.20\")) flag++;\nif 
(ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1061.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1063.56\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:54", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. 
A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": 
"UBUNTU_USN-3334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100932", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3334-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100932);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3334-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. 
A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3334-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3334-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, 
"vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:09", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. 
A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3332-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3332-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100930);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3332-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. 
A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3332-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3332-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1059-raspi2\", pkgver:\"4.4.0-1059.67\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1059.60\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:45", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. 
(CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3331-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3331-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100929);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3331-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. 
(CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3331-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-aws package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3331-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1020-aws\", pkgver:\"4.4.0-1020.29\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-18T14:14:28", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. 
A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3329-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3329-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100927);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3329-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. 
(CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3329-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-gke package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3329-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1016-gke\", pkgver:\"4.4.0-1016.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-gke\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-18T14:13:47", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. 
A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3330-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3330-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100928);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3330-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. 
A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3330-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-snapdragon and / or\nlinux-image-snapdragon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3330-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-snapdragon\", pkgver:\"4.4.0-1061.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1061.54\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-snapdragon / linux-image-snapdragon\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:16", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. 
(CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3328-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3328-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100926);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3328-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. 
An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. 
A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3328-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3328-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"linux-image-generic-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:20", "description": "USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. 
This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3345-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3345-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101156);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3345-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3324-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. 
A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3345-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3345-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1010-raspi2\", pkgver:\"4.10.0-1010.13\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic-lpae\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-lowlatency\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1010.12\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / 
etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:57", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354).\n\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125).\n\n - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031796).\n\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431).\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via 
crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.\n (bsc#1038982)\n\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.\n (bsc#1038981)\n\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544).\n\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for 
restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279).\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-7346", "CVE-2017-7487", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1853-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/101762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1853-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101762);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-7346\", \"CVE-2017-7487\", \"CVE-2017-7616\", \"CVE-2017-7618\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-1000365: The Linux Kernel imposes a size\n restriction on the arguments and environmental strings\n passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the\n size), but did not take the argument and environment\n pointers into account, which allowed attackers to bypass\n this limitation. 
(bnc#1039354).\n\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel\n is vulnerable to a data race in the ALSA /dev/snd/timer\n driver resulting in local users being able to read\n information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a\n read and an ioctl happen at the same time (bnc#1044125).\n\n - CVE-2017-7346: The vmw_gb_surface_define_ioctl function\n in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate certain levels data, which\n allowed local users to cause a denial of service (system\n hang) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031796).\n\n - CVE-2017-9242: The __ip6_append_data function in\n net/ipv6/ip6_output.c in the Linux kernel is too late in\n checking whether an overwrite of an skb data structure\n may occur, which allowed local users to cause a denial\n of service (system crash) via crafted system calls\n (bnc#1041431).\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in\n net/dccp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1040069).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039883).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in\n the Linux kernel did not consider that the nexthdr field\n may 
be associated with an invalid option, which allowed\n local users to cause a denial of service (out-of-bounds\n read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed\n local users to obtain sensitive information (in the\n dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti\n USB serial device) to trigger an integer underflow.\n (bsc#1038982)\n\n - CVE-2017-8925: The omninet_open function in\n drivers/usb/serial/omninet.c in the Linux kernel allowed\n local users to cause a denial of service (tty\n exhaustion) by leveraging reference count mishandling.\n (bsc#1038981)\n\n - CVE-2017-7487: The ipxitf_ioctl function in\n net/ipx/af_ipx.c in the Linux kernel mishandled\n reference counts, which allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a failed SIOCGIFADDR ioctl\n call for an IPX interface (bnc#1038879).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allowed attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call (bnc#1038544).\n\n - CVE-2017-9150: The do_check function in\n kernel/bpf/verifier.c in the Linux kernel did not make\n the allow_ptr_leaks value available for restricting the\n output of the print_bpf_insn function, which allowed\n local users to obtain sensitive address information via\n crafted bpf system calls (bnc#1040279).\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel\n allowed attackers to cause a denial of service (API\n operation calling its own callback, and infinite\n recursion) by triggering EBUSY on a full queue\n (bnc#1033340).\n\n - CVE-2017-7616: Incorrect error handling in 
the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bnc#1033336).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=863764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-7618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8924/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8925/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9150/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9242/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171853-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e55dfeb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-1146=1\n\nSUSE 
Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1146=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1146=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/30\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.74-92.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:02", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0019", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9242"], "modified": "2019-03-08T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0019_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0019. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121698);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/03/08\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9242\"\n );\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0019\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-48.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8890\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", 
reference:\"linux-sound-4.4.71-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.71-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:12", "description": "The 4.11.4 update contains a number of important fixes across the tree\n\n----\n\nThis is a rebase to the 4.11 series of kernels. It includes all fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-15T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2017-6554692044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-6554692044.NASL", "href": "https://www.tenable.com/plugins/nessus/100798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-6554692044.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100798);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n script_xref(name:\"FEDORA\", 
value:\"2017-6554692044\");\n\n script_name(english:\"Fedora 24 : kernel (2017-6554692044)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.11.4 update contains a number of important fixes across the tree\n\n----\n\nThis is a rebase to the 4.11 series of kernels. It includes all fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-6554692044\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-6554692044\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.11.4-100.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-05-18T14:13:53", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2017-7487\n\nLi Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured.\n\nCVE-2017-7645\n\nTuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations are vulnerable to an out-of-bounds memory access issue while processing arbitrarily long arguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of service.\n\nCVE-2017-7895\n\nAri Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations do not properly handle payload bounds checking of WRITE requests. A remote attacker with write access to a NFS mount can take advantage of this flaw to read chunks of arbitrary memory from both kernel-space and user-space.\n\nCVE-2017-8890\n\nIt was discovered that the net_csk_clone_lock() function allows a remote attacker to cause a double free leading to a denial of service or potentially have other impact.\n\nCVE-2017-8924\n\nJohan Hovold found that the io_ti USB serial driver could leak sensitive information if a malicious USB device was connected.\n\nCVE-2017-8925\n\nJohan Hovold found a reference counter leak in the omninet USB serial driver, resulting in a use-after-free vulnerability. This can be triggered by a local user permitted to open tty devices.\n\nCVE-2017-9074\n\nAndrey Konovalov reported that the IPv6 fragmentation implementation could read beyond the end of a packet buffer. 
A local user or guest VM might be able to use this to leak sensitive information or to cause a denial of service (crash).\n\nCVE-2017-9075\n\nAndrey Konovalov reported that the SCTP/IPv6 implementation wrongly initialised address lists on connected sockets, resulting in a use-after-free vulnerability, a similar issue to CVE-2017-8890. This can be triggered by any local user.\n\nCVE-2017-9076 / CVE-2017-9077\n\nCong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations wrongly initialised address lists on connected sockets, a similar issue to CVE-2017-9075.\n\nCVE-2017-9242\n\nAndrey Konovalov reported a packet buffer overrun in the IPv6 implementation. A local user could use this for denial of service (memory corruption; crash) and possibly for privilege escalation.\n\nCVE-2017-1000364\n\nThe Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. The stack-pointer can jump over the guard-page and move from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation.\n\nThe default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line.\n\nFurther details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\n\nFor Debian 7 'Wheezy', this problem has been fixed in version 3.2.89-2.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 3.16.43-2+deb8u2.\n\nFor Debian 9 'Stretch', this problem has been fixed in version 4.9.30-2+deb9u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Debian DLA-993-2 : linux regression update (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-993.NASL", "href": "https://www.tenable.com/plugins/nessus/100876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-993-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100876);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-7645\", \"CVE-2017-7895\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"Debian DLA-993-2 : linux regression update (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7487\n\nLi Qiang 
reported a reference counter leak in the ipxitf_ioctl\nfunction which may result into a use-after-free vulnerability,\ntriggerable when a IPX interface is configured.\n\nCVE-2017-7645\n\nTuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the\nNFSv2 and NFSv3 server implementations are vulnerable to an\nout-of-bounds memory access issue while processing arbitrarily long\narguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of\nservice.\n\nCVE-2017-7895\n\nAri Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3\nserver implementations do not properly handle payload bounds checking\nof WRITE requests. A remote attacker with write access to a NFS mount\ncan take advantage of this flaw to read chunks of arbitrary memory\nfrom both kernel-space and user-space.\n\nCVE-2017-8890\n\nIt was discovered that the net_csk_clone_lock() function allows a\nremote attacker to cause a double free leading to a denial of service\nor potentially have other impact.\n\nCVE-2017-8924\n\nJohan Hovold found that the io_ti USB serial driver could leak\nsensitive information if a malicious USB device was connected.\n\nCVE-2017-8925\n\nJohan Hovold found a reference counter leak in the omninet USB serial\ndriver, resulting in a use-after-free vulnerability. This can be\ntriggered by a local user permitted to open tty devices.\n\nCVE-2017-9074\n\nAndrey Konovalov reported that the IPv6 fragmentation implementation\ncould read beyond the end of a packet buffer. A local user or guest VM\nmight be able to use this to leak sensitive information or to cause a\ndenial of service (crash).\n\nCVE-2017-9075\n\nAndrey Konovalov reported that the SCTP/IPv6 implementation wrongly\ninitialised address lists on connected sockets, resulting in a\nuse-after-free vulnerability, a similar issue to CVE-2017-8890. 
This\ncan be triggered by any local user.\n\nCVE-2017-9076 / CVE-2017-9077 Cong Wang found that the TCP/IPv6 and\nDCCP/IPv6 implementations wrongly initialised address lists on\nconnected sockets, a similar issue to CVE-2017-9075.\n\nCVE-2017-9242\n\nAndrey Konovalov reported a packet buffer overrun in the IPv6\nimplementation. A local user could use this for denial of service\n(memory corruption; crash) and possibly for privilege escalation.\n\nCVE-2017-1000364\n\nThe Qualys Research Labs discovered that the size of the stack guard\npage is not sufficiently large. The stack-pointer can jump over the\nguard-page and moving from the stack into another memory region\nwithout accessing the guard-page. In this case no page-fault exception\nis raised and the stack extends into the other memory region. An\nattacker can exploit this flaw for privilege escalation.\n\nThe default stack gap protection is set to 256 pages and can\nbe configured via the stack_guard_gap kernel parameter on\nthe kernel command line.\n\nFurther details can be found at\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.tx\nt\n\nFor Debian 7 'Wheezy', this problem has been fixed in version\n3.2.89-2.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n3.16.43-2+deb8u2.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n4.9.30-2+deb9u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/06/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.89-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:36", "description": "An update of [linux] packages for PhotonOS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0019 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9242"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/111868", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0019. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111868);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9242\"\n );\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0019 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-48\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4b1f184\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8890\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.71-1.ph1\",\n \"linux-api-headers-4.4.71-1.ph1\",\n \"linux-debuginfo-4.4.71-1.ph1\",\n \"linux-dev-4.4.71-1.ph1\",\n \"linux-docs-4.4.71-1.ph1\",\n \"linux-drivers-gpu-4.4.71-1.ph1\",\n \"linux-esx-4.4.71-1.ph1\",\n \"linux-esx-debuginfo-4.4.71-1.ph1\",\n \"linux-esx-devel-4.4.71-1.ph1\",\n \"linux-esx-docs-4.4.71-1.ph1\",\n \"linux-oprofile-4.4.71-1.ph1\",\n \"linux-sound-4.4.71-1.ph1\",\n \"linux-tools-4.4.71-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:03", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on 
the remote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-05T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-044.NASL", "href": "https://www.tenable.com/plugins/nessus/100600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100600);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n 
\"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-044)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. 
Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2816866\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-20.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e718308f\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-20.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:42", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - Improved isolation for neighbor table settings. 
(The fix added to the 042stab120.19 kernel was incomplete.)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2017-047.NASL", "href": "https://www.tenable.com/plugins/nessus/100769", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100769);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-047)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on 
the\nremote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. 
Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\n - Improved isolation for neighbor table settings. 
(The\n fix added to the 042stab120.19 kernel was incomplete.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2822597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3677\",\n \"vzkernel-2.6.32-042stab123.4\",\n \"vzkernel-devel-2.6.32-042stab123.4\",\n \"vzkernel-firmware-2.6.32-042stab123.4\",\n \"vzmodules-2.6.32-042stab123.4\",\n \"vzmodules-devel-2.6.32-042stab123.4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:01", "description": "Rebase to 
4.11.3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-01T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2017-6f06be3fe9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-6F06BE3FE9.NASL", "href": "https://www.tenable.com/plugins/nessus/100563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-6f06be3fe9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100563);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n script_xref(name:\"FEDORA\", value:\"2017-6f06be3fe9\");\n\n script_name(english:\"Fedora 25 : kernel (2017-6f06be3fe9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.11.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f06be3fe9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-6f06be3fe9\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.11.3-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:02", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-05T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-045.NASL", "href": "https://www.tenable.com/plugins/nessus/100601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100601);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9074\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-045)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified 
other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandles\n inheritance, which allows local users to cause a denial\n of service or possibly have unspecified other impact\n via crafted system calls, a related issue to\n CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The IPv6 fragmentation implementation in the Linux\n kernel through 4.11.1 does not consider that the\n nexthdr field may be associated with an invalid option,\n which allows local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have\n unspecified other impact via crafted socket and send\n system calls.\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. 
An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2816867\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-21.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a0bddd6\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-21.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:55", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. 
An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. 
A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3325-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3325-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100923);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3325-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. 
A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3325-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.10-raspi2 and / or\nlinux-image-raspi2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3325-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1008-raspi2\", pkgver:\"4.10.0-1008.11\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1008.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:29", "description": "Module reference leak due to improper shut down of callback channel on umount :\n\nThe NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a 'module reference and kernel daemon' leak.\n(CVE-2017-9059)\n\nIncorrect overwrite check in __ip6_append_data() :\n\nThe __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.\n(CVE-2017-9242)\n\nDouble free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c :\n\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.\nDue to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-8890)\n\nnet: tcp_v6_syn_recv_sock function mishandles inheritance :\n\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9077)\n\nnet: IPv6 DCCP implementation mishandles inheritance\n\nThe IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9076)\n\nnet: sctp_v6_create_accept_sk function mishandles inheritance :\n\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075)\n\nnet: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option :\n\nThe IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. 
(CVE-2017-9074)", "cvss3": {}, "published": "2017-06-23T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-846)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-846.NASL", "href": "https://www.tenable.com/plugins/nessus/100999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-846.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100999);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-8890\", \"CVE-2017-9059\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"ALAS\", value:\"2017-846\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-846)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Module reference leak due to improper shut down of callback channel on\numount :\n\nThe NFSv4 implementation in the Linux kernel through 4.11.1 
allows\nlocal users to cause a denial of service (resource consumption) by\nleveraging improper channel callback shutdown when unmounting an NFSv4\nfilesystem, aka a 'module reference and kernel daemon' leak.\n(CVE-2017-9059)\n\nIncorrect overwrite check in __ip6_append_data() :\n\nThe __ip6_append_data function in net/ipv6/ip6_output.c in the Linux\nkernel through 4.11.3 is too late in checking whether an overwrite of\nan skb data structure may occur, which allows local users to cause a\ndenial of service (system crash) via crafted system calls.\n(CVE-2017-9242)\n\nDouble free in the inet_csk_clone_lock function in\nnet/ipv4/inet_connection_sock.c :\n\nThe inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in\nthe Linux kernel allows attackers to cause a denial of service (double\nfree) or possibly have unspecified other impact by leveraging use of\nthe accept system call. An unprivileged local user could use this flaw\nto induce kernel memory corruption on the system, leading to a crash.\nDue to the nature of the flaw, privilege escalation cannot be fully\nruled out, although we believe it is unlikely. (CVE-2017-8890)\n\nnet: tcp_v6_syn_recv_sock function mishandles inheritance :\n\nThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux\nkernel mishandles inheritance, which allows local users to cause a\ndenial of service or possibly have unspecified other impact via\ncrafted system calls, a related issue to CVE-2017-8890 . An\nunprivileged local user could use this flaw to induce kernel memory\ncorruption on the system, leading to a crash. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely. 
(CVE-2017-9077)\n\nnet: IPv6 DCCP implementation mishandles inheritance\n\nThe IPv6 DCCP implementation in the Linux kernel mishandles\ninheritance, which allows local users to cause a denial of service or\npossibly have unspecified other impact via crafted system calls, a\nrelated issue to CVE-2017-8890 . An unprivileged local user could use\nthis flaw to induce kernel memory corruption on the system, leading to\na crash. Due to the nature of the flaw, privilege escalation cannot be\nfully ruled out, although we believe it is unlikely. (CVE-2017-9076)\n\nnet: sctp_v6_create_accept_sk function mishandles inheritance :\n\nThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux\nkernel mishandles inheritance, which allows local users to cause a\ndenial of service or possibly have unspecified other impact via\ncrafted system calls, a related issue to CVE-2017-8890 . An\nunprivileged local user could use this flaw to induce kernel memory\ncorruption on the system, leading to a crash. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely.(CVE-2017-9075)\n\nnet: IPv6 fragmentation implementation of nexthdr field may be\nassociated with an invalid option :\n\nThe IPv6 fragmentation implementation in the Linux kernel does not\nconsider that the nexthdr field may be associated with an invalid\noption, which allows local users to cause a denial of service\n(out-of-bounds read and BUG) or possibly have unspecified other impact\nvia crafted socket and send system calls. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely. 
(CVE-2017-9074)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-846.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.32-15.41.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.32-15.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.32-15.41.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:15", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. 
A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3324-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/100922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3324-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100922);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3324-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). 
(CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3324-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3324-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-generic\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-generic-lpae\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-lowlatency\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.10.0.24.26\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:08", 
"description": "USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. 
A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3343-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3343-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101152);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3343-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3335-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. 
An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3343-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3343-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-generic\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-generic-lpae\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-lowlatency\", 
pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.123.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.123.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.123.133\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:20", "description": "USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.\n\nUSN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3343-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3343-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101153);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3343-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 ESM.\n\nUSN 3335-2 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. 
A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages. 
Note that the updated packages may not\nbe immediately available from the package repository or its mirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-123-generic\", pkgver:\"3.13.0-123.172~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-123-generic-lpae\", pkgver:\"3.13.0-123.172~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lpae-lts-trusty\", pkgver:\"3.13.0.123.114\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lts-trusty\", pkgver:\"3.13.0.123.114\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:54", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result in a use-after-free vulnerability, triggerable when an IPX interface is configured.\n\n - CVE-2017-7645 Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations are vulnerable to an out-of-bounds memory access issue while processing arbitrarily long arguments sent by NFSv2/NFSv3 RPC clients, leading to a denial of service.\n\n - CVE-2017-7895 Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations do not 
properly handle payload bounds checking of WRITE requests. A remote attacker with write access to a NFS mount can take advantage of this flaw to read chunks of arbitrary memory from both kernel-space and user-space.\n\n - CVE-2017-8064 Arnd Bergmann found that the DVB-USB core misused the device logging system, resulting in a use-after-free vulnerability, with unknown security impact.\n\n - CVE-2017-8890 It was discovered that the net_csk_clone_lock() function allows a remote attacker to cause a double free leading to a denial of service or potentially have other impact.\n\n - CVE-2017-8924 Johan Hovold found that the io_ti USB serial driver could leak sensitive information if a malicious USB device was connected.\n\n - CVE-2017-8925 Johan Hovold found a reference counter leak in the omninet USB serial driver, resulting in a use-after-free vulnerability. This can be triggered by a local user permitted to open tty devices.\n\n - CVE-2017-9074 Andrey Konovalov reported that the IPv6 fragmentation implementation could read beyond the end of a packet buffer. A local user or guest VM might be able to use this to leak sensitive information or to cause a denial of service (crash).\n\n - CVE-2017-9075 Andrey Konovalov reported that the SCTP/IPv6 implementation wrongly initialised address lists on connected sockets, resulting in a use-after-free vulnerability, a similar issue to CVE-2017-8890. This can be triggered by any local user.\n\n - CVE-2017-9076 / CVE-2017-9077 Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations wrongly initialised address lists on connected sockets, a similar issue to CVE-2017-9075.\n\n - CVE-2017-9242 Andrey Konovalov reported a packet buffer overrun in the IPv6 implementation. A local user could use this for denial of service (memory corruption; crash) and possibly for privilege escalation.\n\n - CVE-2017-1000364 The Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. 
The stack-pointer can jump over the guard-page and moving from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation.\n\n The default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line.\n\n Further details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Debian DSA-3886-1 : linux - security update (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8064", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3886.NASL", "href": "https://www.tenable.com/plugins/nessus/100877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3886. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100877);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-7645\", \"CVE-2017-7895\", \"CVE-2017-8064\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"DSA\", value:\"3886\");\n\n script_name(english:\"Debian DSA-3886-1 : linux - security update (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-7487\n Li Qiang reported a reference counter leak in the\n ipxitf_ioctl function which may result into a\n use-after-free vulnerability, triggerable when a IPX\n interface is configured.\n\n - CVE-2017-7645\n Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd\n discovered that the NFSv2 and NFSv3 server\n implementations are vulnerable to an out-of-bounds\n memory access issue while processing arbitrarily long\n arguments sent by NFSv2/NFSv3 PRC clients, leading to a\n denial of service.\n\n - CVE-2017-7895\n Ari Kauppi from Synopsys Ltd discovered that the NFSv2\n and NFSv3 server implementations do not properly handle\n payload bounds checking of WRITE requests. 
A remote\n attacker with write access to a NFS mount can take\n advantage of this flaw to read chunks of arbitrary\n memory from both kernel-space and user-space.\n\n - CVE-2017-8064\n Arnd Bergmann found that the DVB-USB core misused the\n device logging system, resulting in a use-after-free\n vulnerability, with unknown security impact.\n\n - CVE-2017-8890\n It was discovered that the net_csk_clone_lock() function\n allows a remote attacker to cause a double free leading\n to a denial of service or potentially have other impact.\n\n - CVE-2017-8924\n Johan Hovold found that the io_ti USB serial driver\n could leak sensitive information if a malicious USB\n device was connected.\n\n - CVE-2017-8925\n Johan Hovold found a reference counter leak in the\n omninet USB serial driver, resulting in a use-after-free\n vulnerability. This can be triggered by a local user\n permitted to open tty devices.\n\n - CVE-2017-9074\n Andrey Konovalov reported that the IPv6 fragmentation\n implementation could read beyond the end of a packet\n buffer. A local user or guest VM might be able to use\n this to leak sensitive information or to cause a denial\n of service (crash).\n\n - CVE-2017-9075\n Andrey Konovalov reported that the SCTP/IPv6\n implementation wrongly initialised address lists on\n connected sockets, resulting in a use-after-free\n vulnerability, a similar issue to CVE-2017-8890. This\n can be triggered by any local user.\n\n - CVE-2017-9076 / CVE-2017-9077\n Cong Wang found that the TCP/IPv6 and DCCP/IPv6\n implementations wrongly initialised address lists on\n connected sockets, a similar issue to CVE-2017-9075.\n\n - CVE-2017-9242\n Andrey Konovalov reported a packet buffer overrun in the\n IPv6 implementation. A local user could use this for\n denial of service (memory corruption; crash) and\n possibly for privilege escalation.\n\n - CVE-2017-1000364\n The Qualys Research Labs discovered that the size of the\n stack guard page is not sufficiently large. 
The\n stack-pointer can jump over the guard-page and moving\n from the stack into another memory region without\n accessing the guard-page. In this case no page-fault\n exception is raised and the stack extends into the other\n memory region. An attacker can exploit this flaw for\n privilege escalation.\n\n The default stack gap protection is set to 256 pages and can be\n configured via the stack_guard_gap kernel parameter on the kernel\n command line.\n\n Further details can be found at\n https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2017-9077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3886\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 3.16.43-2+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.30-2+deb9u1 or earlier versions before the stretch\nrelease.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", 
reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", 
reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.30-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:42", "description": "The remote NewStart 
CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-8890)\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-9075)\n\n - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9076)\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n (CVE-2017-9077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0098)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8890", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0098_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/127323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0098. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127323);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2017-8890\",\n \"CVE-2017-9075\",\n \"CVE-2017-9076\",\n \"CVE-2017-9077\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0098)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allows attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call. 
An\n unprivileged local user could use this flaw to induce\n kernel memory corruption on the system, leading to a\n crash. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely. (CVE-2017-8890)\n\n - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandles inheritance, which allows\n local users to cause a denial of service or possibly\n have unspecified other impact via crafted system calls,\n a related issue to CVE-2017-8890. An unprivileged local\n user could use this flaw to induce kernel memory\n corruption on the system, leading to a crash. Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although we believe it is unlikely.\n (CVE-2017-9075)\n\n - The IPv6 DCCP implementation in the Linux kernel\n mishandles inheritance, which allows local users to\n cause a denial of service or possibly have unspecified\n other impact via crafted system calls, a related issue\n to CVE-2017-8890. An unprivileged local user could use\n this flaw to induce kernel memory corruption on the\n system, leading to a crash. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely. (CVE-2017-9076)\n\n - The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandles inheritance, which allows\n local users to cause a denial of service or possibly\n have unspecified other impact via crafted system calls,\n a related issue to CVE-2017-8890. An unprivileged local\n user could use this flaw to induce kernel memory\n corruption on the system, leading to a crash. 
Due to the\n nature of the flaw, privilege escalation cannot be fully\n ruled out, although we believe it is unlikely.\n (CVE-2017-9077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0098\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"kernel-2.6.32-642.13.1.el6.cgsl7399\",\n \"kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-debug-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-devel-2.6.32-642.13.1.el6.cgsl7399\",\n \"kernel-doc-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-firmware-2.6.32-642.13.1.el6.cgsl7259\",\n \"kernel-headers-2.6.32-642.13.1.el6.cgsl7399\",\n \"perf-2.6.32-642.13.1.el6.cgsl7259\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:45", "description": "It was discovered that a use-after-free 
flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. 
(CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-5577", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3333-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100931", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3333-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100931);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3333-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nIt was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux\nkernel did not return an error after detecting certain overflows. A\nlocal attacker could exploit this issue to cause a denial of service\n(OOPS). (CVE-2017-5577)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. 
An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3333-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-5577\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3333-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-56-generic\", pkgver:\"4.8.0-56.61~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-56-generic-lpae\", pkgver:\"4.8.0-56.61~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-56-lowlatency\", pkgver:\"4.8.0-56.61~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.8.0.56.27\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 
0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:23", "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.70 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call 
(bnc#1038544).\n\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279).\n\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670)\n\nThe following non-security bugs were fixed :\n\n - 9p: fix a potential acl leak (4.4.68 stable queue).\n\n - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal (bsc#1031717).\n\n - acpi / scan: Drop support for force_remove (bnc#1029607).\n\n - ahci: disable correct irq for dummy ports (bsc#1040125).\n\n - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68 stable queue).\n\n - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode (4.4.68 stable queue).\n\n - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable queue).\n\n - asoc: rt5640: use msleep() for long delays (bsc#1031717).\n\n - asoc: sti: Fix error handling if of_clk_get() fails (bsc#1031717).\n\n - blacklist 61e8a0d5a027 powerpc/pci: Fix endian bug in fixed PHB numbering (bsc#989311)\n\n - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue).\n\n - bna: avoid writing uninitialized data into hw registers (bsc#966321 FATE#320156).\n\n - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412 FATE#321671).\n\n - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable queue).\n\n - brcmfmac: Ensure pointer correctly set if skb data location changes (4.4.68 stable queue).\n\n - brcmfmac: Make skb header writable before use (4.4.68 stable queue).\n\n - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717).\n\n - 
btrfs: add a flags field to btrfs_fs_info (bsc#1012452).\n\n - btrfs: add ASSERT for block group's memory leak (bsc#1012452).\n\n - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452).\n\n - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452).\n\n - btrfs: add check to sysfs handler of label (bsc#1012452).\n\n - btrfs: add dynamic debug support (bsc#1012452).\n\n - btrfs: add error handling for extent buffer in print tree (bsc#1012452).\n\n - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452).\n\n - btrfs: add missing check for writeback errors on fsync (bsc#1012452).\n\n - btrfs: add more validation checks for superblock (bsc#1012452).\n\n - btrfs: Add ratelimit to btrfs printing (bsc#1012452).\n\n - btrfs: add read-only check to sysfs handler of features (bsc#1012452).\n\n - btrfs: add semaphore to synchronize direct IO writes with fsync (bsc#1012452).\n\n - btrfs: add tracepoint for adding block groups (bsc#1012452).\n\n - btrfs: add tracepoints for flush events (bsc#1012452).\n\n - btrfs: add validadtion checks for chunk loading (bsc#1012452).\n\n - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452).\n\n - btrfs: allow balancing to dup with multi-device (bsc#1012452).\n\n - btrfs: always reserve metadata for delalloc extents (bsc#1012452).\n\n - btrfs: always use trans->block_rsv for orphans (bsc#1012452).\n\n - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452).\n\n - btrfs: avoid deadlocks during reservations in btrfs_truncate_block (bsc#1012452).\n\n - btrfs: avoid overflowing f_bfree (bsc#1012452).\n\n - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452).\n\n - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing delalloc space (bsc#1012452).\n\n - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452).\n\n - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined (bsc#1012452).\n\n - btrfs: btrfs_relocate_chunk pass 
extent_root to btrfs_end_transaction (bsc#1012452).\n\n - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452).\n\n - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup() (bsc#1012452).\n\n - btrfs: change delayed reservation fallback behavior (bsc#1012452).\n\n - btrfs: change how we calculate the global block rsv (bsc#1012452).\n\n - btrfs: check btree node's nritems (bsc#1012452).\n\n - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452).\n\n - btrfs: check inconsistence between chunk and block group (bsc#1012452).\n\n - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452).\n\n - btrfs: clean the old superblocks before freeing the device (bsc#1012452).\n\n - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452).\n\n - btrfs: cleanup assigning next active device with a check (bsc#1012452).\n\n - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452).\n\n - btrfs: Cleanup compress_file_range() (bsc#1012452).\n\n - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452).\n\n - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452).\n\n - btrfs: clone: use vmalloc only as fallback for nodesize bufer (bsc#1012452).\n\n - btrfs: convert nodesize macros to static inlines (bsc#1012452).\n\n - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452).\n\n - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452).\n\n - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452).\n\n - btrfs: copy_to_sk drop unused root parameter (bsc#1012452).\n\n - btrfs: create a helper function to read the disk super (bsc#1012452).\n\n - btrfs: create example debugfs file only in debugging build (bsc#1012452).\n\n - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452).\n\n - btrfs: create helper function __check_raid_min_devices() (bsc#1012452).\n\n - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452).\n\n - btrfs: divide btrfs_update_reserved_bytes() 
into two functions (bsc#1012452).\n\n - btrfs: do not background blkdev_put() (bsc#1012452).\n\n - btrfs: do not bother kicking async if there's nothing to reclaim (bsc#1012452).\n\n - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452).\n\n - btrfs: do not create empty block group if we have allocated data (bsc#1012452).\n\n - btrfs: do not decrease bytes_may_use when replaying extents (bsc#1012452).\n\n - btrfs: do not do nocow check unless we have to (bsc#1012452).\n\n - btrfs: do not do unnecessary delalloc flushes when relocating (bsc#1012452).\n\n - btrfs: do not force mounts to wait for cleaner_kthread to delete one or more subvolumes (bsc#1012452).\n\n - btrfs: do not wait for unrelated IO to finish before relocation (bsc#1012452).\n\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1035866).\n\n - btrfs: end transaction if we abort when creating uuid root (bsc#1012452).\n\n - btrfs: enhance btrfs_find_device_by_user_input() to check device path (bsc#1012452).\n\n - btrfs: error out if generic_bin_search get invalid arguments (bsc#1012452).\n\n - btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize (bsc#1012452).\n\n - btrfs: extend btrfs_set_extent_delalloc and its friends to support in-band dedupe and subpage size patchset (bsc#1012452).\n\n - btrfs: fill relocation block rsv after allocation (bsc#1012452).\n\n - btrfs: fix an integer overflow check (bsc#1012452).\n\n - btrfs: fix a possible umount deadlock (bsc#1012452).\n\n - btrfs: fix btrfs_no_printk stub helper (bsc#1012452).\n\n - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452).\n\n - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452).\n\n - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452).\n\n - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452).\n\n - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452).\n\n - btrfs: fix check_shared for fiemap ioctl (bsc#1037177).\n\n - 
btrfs: fix crash when tracepoint arguments are freed by wq callbacks (bsc#1012452).\n\n - btrfs: fix data loss after truncate when using the no-holes feature (bsc#1036214).\n\n - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452).\n\n - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452).\n\n - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452).\n\n - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452).\n\n - btrfs: fix double free of fs root (bsc#1012452).\n\n - btrfs: fix eb memory leak due to readpage failure (bsc#1012452).\n\n - btrfs: fix em leak in find_first_block_group (bsc#1012452).\n\n - btrfs: fix emptiness check for dirtied extent buffers at check_leaf() (bsc#1012452).\n\n - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452).\n\n - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452).\n\n - btrfs: fix free space calculation in dump_space_info() (bsc#1012452).\n\n - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452).\n\n - btrfs: fix fspath error deallocation (bsc#1012452).\n\n - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452).\n\n - btrfs: Fix integer overflow when calculating bytes_per_bitmap (bsc#1012452).\n\n - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395).\n\n - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex and uuid_mutex (bsc#1012452).\n\n - btrfs: fix lock dep warning move scratch super outside of chunk_mutex (bsc#1012452).\n\n - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452).\n\n - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452).\n\n - btrfs: fix memory leak of block group cache (bsc#1012452).\n\n - btrfs: fix memory leak of reloc_root (bsc#1012452).\n\n - btrfs: fix mixed block count of available space (bsc#1012452).\n\n - btrfs: fix one bug that process may endlessly wait for ticket in wait_reserve_ticket() (bsc#1012452).\n\n - btrfs: fix panic in balance due to EIO 
(bsc#1012452).\n\n - btrfs: fix race between block group relocation and nocow writes (bsc#1012452).\n\n - btrfs: fix race between device replace and block group removal (bsc#1012452).\n\n - btrfs: fix race between device replace and chunk allocation (bsc#1012452).\n\n - btrfs: fix race between device replace and discard (bsc#1012452).\n\n - btrfs: fix race between device replace and read repair (bsc#1012452).\n\n - btrfs: fix race between fsync and direct IO writes for prealloc extents (bsc#1012452).\n\n - btrfs: fix race between readahead and device replace/removal (bsc#1012452).\n\n - btrfs: fix race setting block group back to RW mode during device replace (bsc#1012452).\n\n - btrfs: fix race setting block group readonly during device replace (bsc#1012452).\n\n - btrfs: fix read_node_slot to return errors (bsc#1012452).\n\n - btrfs: fix release reserved extents trace points (bsc#1012452).\n\n - btrfs: fix segmentation fault when doing dio read (bsc#1040425).\n\n - btrfs: Fix slab accounting flags (bsc#1012452).\n\n - btrfs: fix unexpected return value of fiemap (bsc#1012452).\n\n - btrfs: fix unprotected assignment of the left cursor for device replace (bsc#1012452).\n\n - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452).\n\n - btrfs: flush_space: treat return value of do_chunk_alloc properly (bsc#1012452).\n\n - btrfs: Force stripesize to the value of sectorsize (bsc#1012452).\n\n - btrfs: free sys_array eb as soon as possible (bsc#1012452).\n\n - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452).\n\n - btrfs: Handle uninitialised inode eviction (bsc#1012452).\n\n - btrfs: hide test-only member under ifdef (bsc#1012452).\n\n - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452).\n\n - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452).\n\n - btrfs: introduce device delete by devid (bsc#1012452).\n\n - btrfs: introduce raid-type to error-code table, for minimum device constraint (bsc#1012452).\n\n - btrfs: introduce ticketed 
enospc infrastructure (bsc#1012452).\n\n - btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress (bsc#1012452).\n\n - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452).\n\n - btrfs: kill BUG_ON in do_relocation (bsc#1012452).\n\n - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452).\n\n - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452).\n\n - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452).\n\n - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452).\n\n - btrfs: kill unused writepage_io_hook callback (bsc#1012452).\n\n - btrfs: make find_workspace always succeed (bsc#1012452).\n\n - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452).\n\n - btrfs: make mapping->writeback_index point to the last written page (bsc#1012452).\n\n - btrfs: make state preallocation more speculative in\n __set_extent_bit (bsc#1012452).\n\n - btrfs: make sure device is synced before return (bsc#1012452).\n\n - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452).\n\n - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device() (bsc#1012452).\n\n - btrfs: memset to avoid stale content in btree leaf (bsc#1012452).\n\n - btrfs: memset to avoid stale content in btree node block (bsc#1012452).\n\n - btrfs: move error handling code together in ctree.h (bsc#1012452).\n\n - btrfs: optimize check for stale device (bsc#1012452).\n\n - btrfs: parent_start initialization cleanup (bsc#1012452).\n\n - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452).\n\n - btrfs: pass number of devices to btrfs_check_raid_min_devices (bsc#1012452).\n\n - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452).\n\n - btrfs: preallocate compression workspaces (bsc#1012452).\n\n - btrfs: Ratelimit 'no csum found' info message (bsc#1012452).\n\n - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452).\n\n - btrfs: 
Refactor btrfs_lock_cluster() to kill compiler warning (bsc#1012452).\n\n - btrfs: remove BUG() in raid56 (bsc#1012452).\n\n - btrfs: remove BUG_ON in start_transaction (bsc#1012452).\n\n - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452).\n\n - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452).\n\n - btrfs: remove save_error_info() (bsc#1012452).\n\n - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf (bsc#1012452).\n\n - btrfs: remove unused function btrfs_assert() (bsc#1012452).\n\n - btrfs: rename and document compression workspace members (bsc#1012452).\n\n - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452).\n\n - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452).\n\n - btrfs: rename __check_raid_min_devices (bsc#1012452).\n\n - btrfs: rename flags for vol args v2 (bsc#1012452).\n\n - btrfs: reorg btrfs_close_one_device() (bsc#1012452).\n\n - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452).\n\n - btrfs: reuse existing variable in scrub_stripe, reduce stack usage (bsc#1012452).\n\n - btrfs: s_bdev is not null after missing replace (bsc#1012452).\n\n - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block (bsc#1012452).\n\n - btrfs: send: silence an integer overflow warning (bsc#1012452).\n\n - btrfs: send: use temporary variable to store allocation size (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for clone_sources_tmp (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452).\n\n - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452).\n\n - btrfs: Simplify conditions about compress while mapping btrfs flags to inode flags (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452).\n\n - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452).\n\n - btrfs: sink gfp parameter to 
clear_record_extent_bits (bsc#1012452).\n\n - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_extent_new (bsc#1012452).\n\n - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452).\n\n - btrfs: skip commit transaction if we do not have enough pinned bytes (bsc#1037186).\n\n - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452).\n\n - btrfs: switch to common message helpers in open_ctree, adjust messages (bsc#1012452).\n\n - btrfs: sysfs: protect reading label by lock (bsc#1012452).\n\n - btrfs: trace pinned extents (bsc#1012452).\n\n - btrfs: track transid for delayed ref flushing (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, move struct btrfs_ioctl_defrag_range_args (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines (bsc#1012452).\n\n - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452).\n\n - btrfs: unsplit printed strings (bsc#1012452).\n\n - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452).\n\n - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452).\n\n - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452).\n\n - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452).\n\n - btrfs: Use correct format specifier (bsc#1012452).\n\n - btrfs: use correct offset for reloc_inode in 
prealloc_file_extent_cluster() (bsc#1012452).\n\n - btrfs: use dynamic allocation for root item in create_subvol (bsc#1012452).\n\n - btrfs: use existing device constraints table btrfs_raid_array (bsc#1012452).\n\n - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes (bsc#1012452).\n\n - btrfs: use fs_info directly (bsc#1012452).\n\n - btrfs: use new error message helper in qgroup_account_snapshot (bsc#1012452).\n\n - btrfs: use root when checking need_async_flush (bsc#1012452).\n\n - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452).\n\n - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452).\n\n - btrfs: warn_on for unaccounted spaces (bsc#1012452).\n\n - ceph: check i_nlink while converting a file handle to dentry (bsc#1039864).\n\n - ceph: Check that the new inode size is within limits in ceph_fallocate() (bsc#1037969).\n\n - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).\n\n - ceph: fix file open flags on ppc64 (bsc#1022266).\n\n - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763).\n\n - cifs: backport prepath matching fix (bsc#799133).\n\n - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue).\n\n - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores (4.4.68 stable queue).\n\n - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717).\n\n - crypto: sha-mb - Fix load failure (bsc#1037384).\n\n - dell-laptop: Adds support for keyboard backlight timeout AC settings (bsc#1013561).\n\n - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500).\n\n - dmaengine: dw: fix typo in Kconfig (bsc#1031717).\n\n - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125).\n\n - dm-mpath: fix race window in do_end_io() (bsc#1011044).\n\n - dm round robin: do not use this_cpu_ptr() without having preemption disabled (bsc#1040125).\n\n - dm verity fec: fix block calculation (bsc#1040125).\n\n - dm verity fec: fix bufio leaks (bsc#1040125).\n\n - dm 
verity fec: limit error correction recursion (bsc#1040125).\n\n - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments (bsc#1031717).\n\n - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O (bsc#1031717).\n\n - drm/i915: Disable tv output on i9x5gm (bsc#1039700).\n\n - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error (bsc#1031717).\n\n - drm/i915: Fix mismatched INIT power domain disabling during suspend (bsc#1031717).\n\n - drm/i915: Nuke debug messages from the pipe update critical section (bsc#1031717).\n\n - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717).\n\n - drm/i915: relax uncritical udelay_range() (bsc#1031717).\n\n - drm/i915: relax uncritical udelay_range() settings (bsc#1031717).\n\n - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl (bsc#1040463).\n\n - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable queue).\n\n - e1000e: Do not return uninitialized stats (bug#1034635).\n\n - enic: set skb->hash type properly (bsc#922871 fate#318754).\n\n - f2fs: fix bad prefetchw of NULL page (bsc#1012829).\n\n - f2fs: sanity check segment count (4.4.68 stable queue).\n\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n\n - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes).\n\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n\n - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).\n\n - ftrace: Make ftrace_location_range() global (FATE#322421).\n\n - ibmvnic: Add set_link_state routine for setting adapter link state (fate#322021, bsc#1031512).\n\n - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021, bsc#1038297).\n\n - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512).\n\n - ibmvnic: Clean up tx pools when closing (fate#322021, 
bsc#1038297).\n\n - ibmvnic: Continue skb processing after skb completion error (fate#322021, bsc#1038297).\n\n - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the bounce buffer (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the rx pool (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init and release routines for the tx pool (fate#322021, bsc#1031512).\n\n - ibmvnic: Create init/release routines for stats token (fate#322021, bsc#1031512).\n\n - ibmvnic: Delete napi's when releasing driver resources (fate#322021, bsc#1038297).\n\n - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512).\n\n - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021, bsc#1031512).\n\n - ibmvnic: fix missing unlock on error in\n __ibmvnic_reset() (fate#322021, bsc#1038297, Fixes:\n ed651a10875f).\n\n - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512).\n\n - ibmvnic: Free skb's in cases of failure in transmit (fate#322021, bsc#1031512).\n\n - ibmvnic: Insert header on VLAN tagged received frame (fate#322021, bsc#1031512).\n\n - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021, bsc#1031512).\n\n - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021, bsc#1031512).\n\n - ibmvnic: Move initialization of the stats token to ibmvnic_open (fate#322021, bsc#1031512).\n\n - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021, bsc#1038297).\n\n - ibmvnic: Move resource initialization to its own routine (fate#322021, bsc#1038297).\n\n - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512).\n\n - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297).\n\n - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512).\n\n - ibmvnic: Remove inflight list (fate#322021, bsc#1031512).\n\n - ibmvnic: 
Remove unused bouce buffer (fate#322021, bsc#1031512).\n\n - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297).\n\n - ibmvnic: Report errors when failing to release sub-crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512).\n\n - ibmvnic: Split initialization of scrqs to its own routine (fate#322021, bsc#1031512).\n\n - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512).\n\n - ibmvnic: Updated reset handling (fate#322021, bsc#1038297).\n\n - ibmvnic: Update main crq initialization and release (fate#322021, bsc#1031512).\n\n - ibmvnic: Validate napi exist before disabling them (fate#322021, bsc#1031512).\n\n - ibmvnic: Wait for any pending scrqs entries at driver close (fate#322021, bsc#1038297).\n\n - ibmvnic: Whitespace correction in release_rx_pools (fate#322021, bsc#1038297).\n\n - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717).\n\n - iio: Workaround for kABI breakage by 4.4.67 iio hid-sensor changes (stable-4.4.67).\n\n - infiniband: avoid dereferencing uninitialized dst on error path (git-fixes).\n\n - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843).\n\n - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842).\n\n - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848).\n\n - iommu: Handle default domain attach failure (bsc#1038846).\n\n - iommu/vt-d: Do not over-free page table directories (bsc#1038847).\n\n - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header (4.4.68 stable queue).\n\n - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable queue).\n\n - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable queue).\n\n - isa: Call isa_bus_init before dependent ISA bus drivers register (bsc#1031717).\n\n - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570).\n\n - KABI: Hide new include in arch/powerpc/kernel/process.c 
(fate#322421).\n\n - kABI: move and hide new cxgbi device owner field (bsc#1018885).\n\n - kABI: protect cgroup include in kernel/kthread (kabi).\n\n - kABI: protect struct mnt_namespace (kabi).\n\n - kABI: protect struct snd_fw_async_midi_port (kabi).\n\n - kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed (4.4.68 stable queue).\n\n - kvm: better MWAIT emulation for guests (bsc#1031142).\n\n - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue).\n\n - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue).\n\n - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable queue).\n\n - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125).\n\n - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in nbytes (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes (bsc#1003581).\n\n - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices (bsc#1003581).\n\n - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125).\n\n - livepatch: Allow architectures to specify an alternate ftrace location (FATE#322421).\n\n - locking/ww_mutex: Fix compilation of\n __WW_MUTEX_INITIALIZER (bsc#1031717).\n\n - lpfc: remove incorrect lockdep assertion (bsc#1040125).\n\n - md.c:didn't unlock the mddev before return EINVAL in array_size_store (bsc#1038143).\n\n - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087).\n\n - md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop (bsc#1038142).\n\n - md/raid1: avoid 
reusing a resync bio after error handling (Fate#311379).\n\n - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717).\n\n - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717).\n\n - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717).\n\n - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717).\n\n - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717).\n\n - media: cx23885: uninitialized variable in cx23885_av_work_handler() (bsc#1031717).\n\n - media: DaVinci-VPBE: Check return value of a setup_if_config() call in vpbe_set_output() (bsc#1031717).\n\n - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717).\n\n - media: dib0700: fix NULL-deref at probe (bsc#1031717).\n\n - media: dvb-usb: avoid link error with dib3000m{b,c} (bsc#1031717).\n\n - media: exynos4-is: fix a format string bug (bsc#1031717).\n\n - media: gspca: konica: add missing endpoint sanity check (bsc#1031717).\n\n - media: lirc_imon: do not leave imon_probe() with mutex held (bsc#1031717).\n\n - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717).\n\n - media: rc: allow rc modules to be loaded if rc-main is not a module (bsc#1031717).\n\n - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717).\n\n - media: sh-vou: clarify videobuf2 dependency (bsc#1031717).\n\n - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs() (bsc#1031717).\n\n - media: usbvision: fix NULL-deref at probe (bsc#1031717).\n\n - media: uvcvideo: Fix empty packet statistic (bsc#1031717).\n\n - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue).\n\n - mmc: debugfs: correct wrong voltage value (bsc#1031717).\n\n - mm,compaction: serialize waitqueue_active() checks (bsc#971975).\n\n - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717).\n\n - mmc: sdhci: restore behavior when setting VDD via external regulator (bsc#1031717).\n\n - mm: fix <linux/pagemap.h> stray kernel-doc 
notation (bnc#971975 VM -- git fixes).\n\n - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue).\n\n - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable queue).\n\n - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717).\n\n - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717).\n\n - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue).\n\n - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'chan_num' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717).\n\n - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717).\n\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n\n - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes).\n\n - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes).\n\n - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes).\n\n - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes).\n\n - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (bsc#1004003).\n\n - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (bsc#1004003).\n\n - pci: pciehp: Prioritize data-link event over presence detect (bsc#1031040,bsc#1037483).\n\n - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057).\n\n - pci: Work around Intel Sunrise Point PCH incorrect ACS capability (bsc#1030057).\n\n - perf/x86/intel/uncore: Remove SBOX support for Broadwell server (bsc#1035887).\n\n - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue).\n\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (bnc#1012985).\n\n - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717).\n\n - platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting 
callbacks (bsc#1031717).\n\n - PM / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717).\n\n - PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs (bsc#1031717).\n\n - PM / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717).\n\n - power: