The SUSE Linux Enterprise 12-SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed :
CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.
The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685).
CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.
The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).
The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457).
CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).
CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).
CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).
CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).
CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).
CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782).
CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).
CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347).
CVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).
CVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#1146519).
CVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938).
CVE-2019-13272: Fixed a mishandled the recording of the credentials of a process that wants to create a ptrace relationship, which allowed local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker).
(bnc#1140671).
CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's KVM hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).
CVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122).
CVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555).
CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112).
CVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361).
CVE-2019-15924: A a NULL pointer dereference has been fixed in the drivers/net/ethernet/intel/fm10k module (bnc#1149612).
CVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025).
CVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527).
CVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522).
CVE-2019-15666: There was an out-of-bounds array access in the net/xfrm module that could cause denial of service (bnc#1148394).
CVE-2017-18379: An out-of-boundary access was fixed in the drivers/nvme/target module (bnc#1143187).
CVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146519 1146524).
CVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146519 1146526).
CVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146519 1146529).
CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512).
CVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516).
CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516).
CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)
CVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865).
CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378).
CVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).
CVE-2019-15239: A incorrect patch to net/ipv4 was fixed. By adding to a write queue between disconnection and re-connection, a local attacker could trigger multiple use-after-free conditions. This could result in kernel crashes or potentially in privilege escalation.
(bnc#1146589)
CVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391).
CVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584).
CVE-2019-15211: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/v4l2-core driver (bnc#1146519).
CVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519).
CVE-2019-15214: An a use-after-free issue in the sound subsystem was fixed (bnc#1146519).
CVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413).
CVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).
CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285).
CVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c driver (bnc#1146163).
CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966)
CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967)
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
{"id": "SUSE_SU-2019-2949-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)", "description": "The SUSE Linux Enterprise 12-SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nCVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347).\n\nCVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).\n\nCVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#1146519).\n\nCVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938).\n\nCVE-2019-13272: Fixed a mishandled the recording of the credentials of a process that wants to create a ptrace relationship, which allowed local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker).\n(bnc#1140671).\n\nCVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's KVM hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\nCVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122).\n\nCVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555).\n\nCVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112).\n\nCVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361).\n\nCVE-2019-15924: A a NULL pointer dereference has been fixed in the drivers/net/ethernet/intel/fm10k module (bnc#1149612).\n\nCVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025).\n\nCVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527).\n\nCVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522).\n\nCVE-2019-15666: There was an out-of-bounds array access in the net/xfrm module that could cause denial of service (bnc#1148394).\n\nCVE-2017-18379: An out-of-boundary access was fixed in the drivers/nvme/target module (bnc#1143187).\n\nCVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146519 1146524).\n\nCVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146519 1146526).\n\nCVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146519 1146529).\n\nCVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512).\n\nCVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516).\n\nCVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516).\n\nCVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)\n\nCVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865).\n\nCVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378).\n\nCVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).\n\nCVE-2019-15239: A incorrect patch to net/ipv4 was fixed. By adding to a write queue between disconnection and re-connection, a local attacker could trigger multiple use-after-free conditions. This could result in kernel crashes or potentially in privilege escalation.\n(bnc#1146589)\n\nCVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391).\n\nCVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584).\n\nCVE-2019-15211: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/v4l2-core driver (bnc#1146519).\n\nCVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519).\n\nCVE-2019-15214: An a use-after-free issue in the sound subsystem was fixed (bnc#1146519).\n\nCVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413).\n\nCVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).\n\nCVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285).\n\nCVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c driver (bnc#1146163).\n\nCVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966)\n\nCVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2019-11-13T00:00:00", "modified": "2023-01-19T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/130949", "reporter": "This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-14816/", "https://www.suse.com/security/cve/CVE-2019-15666/", "https://www.suse.com/security/cve/CVE-2019-15215/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15215", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098", "https://bugzilla.suse.com/show_bug.cgi?id=1144903", "https://bugzilla.suse.com/show_bug.cgi?id=1146589", "https://bugzilla.suse.com/show_bug.cgi?id=1152788", "https://bugzilla.suse.com/show_bug.cgi?id=1146543", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18379", "https://bugzilla.suse.com/show_bug.cgi?id=1146514", "https://bugzilla.suse.com/show_bug.cgi?id=1148394", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15924", "https://www.suse.com/security/cve/CVE-2017-18509/", "https://www.suse.com/security/cve/CVE-2019-17056/", "https://www.suse.com/security/cve/CVE-2019-17055/", "https://bugzilla.suse.com/show_bug.cgi?id=1146540", "https://bugzilla.suse.com/show_bug.cgi?id=1141054", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9456", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15927", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15220", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16234", "https://www.suse.com/security/cve/CVE-2019-16232/", "https://bugzilla.suse.com/show_bug.cgi?id=1149612", "https://bugzilla.suse.com/show_bug.cgi?id=1147022", "https://www.suse.com/security/cve/CVE-2019-15291/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13272", "https://www.suse.com/security/cve/CVE-2019-15220/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10220", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976", "https://bugzilla.suse.com/show_bug.cgi?id=1146285", "https://www.suse.com/security/cve/CVE-2019-15218/", "https://bugzilla.suse.com/show_bug.cgi?id=1146378", "https://bugzilla.suse.com/show_bug.cgi?id=1149083", "https://bugzilla.suse.com/show_bug.cgi?id=1151347", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16995", "https://www.suse.com/security/cve/CVE-2019-16234/", "https://bugzilla.suse.com/show_bug.cgi?id=1143187", "https://bugzilla.suse.com/show_bug.cgi?id=1149555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15219", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18595", "https://bugzilla.suse.com/show_bug.cgi?id=1154103", "https://bugzilla.suse.com/show_bug.cgi?id=1152782", "https://www.suse.com/security/cve/CVE-2019-15217/", "https://bugzilla.suse.com/show_bug.cgi?id=1146526", "https://bugzilla.suse.com/show_bug.cgi?id=1149527", "https://bugzilla.suse.com/show_bug.cgi?id=1146547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15218", "https://bugzilla.suse.com/show_bug.cgi?id=1153158", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15902", "https://www.suse.com/security/cve/CVE-2019-15098/", "https://bugzilla.suse.com/show_bug.cgi?id=1139073", "https://bugzilla.suse.com/show_bug.cgi?id=1146413", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15239", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18551", "https://bugzilla.suse.com/show_bug.cgi?id=1152685", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291", "https://www.suse.com/security/cve/CVE-2018-12207/", "https://bugzilla.suse.com/show_bug.cgi?id=1133140", "https://www.suse.com/security/cve/CVE-2019-0155/", "https://bugzilla.suse.com/show_bug.cgi?id=1135967", "https://www.suse.com/security/cve/CVE-2019-15290/", "https://www.suse.com/security/cve/CVE-2019-15926/", "https://www.suse.com/security/cve/CVE-2019-15216/", "https://bugzilla.suse.com/show_bug.cgi?id=1117665", "https://bugzilla.suse.com/show_bug.cgi?id=1150465", "https://bugzilla.suse.com/show_bug.cgi?id=1155671", "https://www.suse.com/security/cve/CVE-2019-15902/", "https://www.suse.com/security/cve/CVE-2019-15221/", "https://bugzilla.suse.com/show_bug.cgi?id=1150727", "https://www.suse.com/security/cve/CVE-2019-15212/", "https://bugzilla.suse.com/show_bug.cgi?id=1150025", "https://bugzilla.suse.com/show_bug.cgi?id=1136261", "https://www.suse.com/security/cve/CVE-2019-15214/", "https://bugzilla.suse.com/show_bug.cgi?id=1137865", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15290", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056", "https://bugzilla.suse.com/show_bug.cgi?id=1154372", "https://bugzilla.suse.com/show_bug.cgi?id=1149376", "http://www.nessus.org/u?b73bfe19", "https://bugzilla.suse.com/show_bug.cgi?id=1150112", "https://www.suse.com/security/cve/CVE-2019-14835/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16233", "https://bugzilla.suse.com/show_bug.cgi?id=1146516", "https://bugzilla.suse.com/show_bug.cgi?id=1153263", "https://www.suse.com/security/cve/CVE-2016-10906/", "https://bugzilla.suse.com/show_bug.cgi?id=1155131", "https://bugzilla.suse.com/show_bug.cgi?id=1151350", "https://www.suse.com/security/cve/CVE-2019-10220/", "https://bugzilla.suse.com/show_bug.cgi?id=1146512", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15216", "https://bugzilla.suse.com/show_bug.cgi?id=1146361", "https://bugzilla.suse.com/show_bug.cgi?id=1145477", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155", "https://www.suse.com/security/cve/CVE-2019-16413/", "https://www.suse.com/security/cve/CVE-2019-0154/", "https://bugzilla.suse.com/show_bug.cgi?id=1150457", "https://bugzilla.suse.com/show_bug.cgi?id=1141013", "https://www.suse.com/security/cve/CVE-2019-14814/", "https://www.suse.com/security/cve/CVE-2018-20976/", "https://www.suse.com/security/cve/CVE-2017-18595/", "https://www.suse.com/security/cve/CVE-2019-15505/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14815", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15807", "https://www.suse.com/security/cve/CVE-2019-16233/", "https://www.suse.com/support/kb/doc/?id=7024251", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15214", "https://bugzilla.suse.com/show_bug.cgi?id=1146519", "https://bugzilla.suse.com/show_bug.cgi?id=1051510", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15926", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133", "https://bugzilla.suse.com/show_bug.cgi?id=1146042", "https://bugzilla.suse.com/show_bug.cgi?id=1146524", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16413", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906", "https://bugzilla.suse.com/show_bug.cgi?id=1150452", "https://www.suse.com/security/cve/CVE-2019-14821/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814", "https://www.suse.com/security/cve/CVE-2019-14815/", "https://bugzilla.suse.com/show_bug.cgi?id=1147122", "https://www.suse.com/security/cve/CVE-2017-18379/", "https://www.suse.com/security/cve/CVE-2019-16995/", "https://www.suse.com/security/cve/CVE-2019-11135/", "https://bugzilla.suse.com/show_bug.cgi?id=1146529", "https://bugzilla.suse.com/show_bug.cgi?id=1146425", "https://www.suse.com/security/cve/CVE-2019-17666/", "https://www.suse.com/support/kb/doc/?id=7023735", "https://www.suse.com/security/cve/CVE-2019-15924/", "https://www.suse.com/security/cve/CVE-2019-15219/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0154", "https://www.suse.com/security/cve/CVE-2019-15927/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15217", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16232", "https://www.suse.com/security/cve/CVE-2019-15239/", "https://www.suse.com/security/cve/CVE-2019-15807/", "https://bugzilla.suse.com/show_bug.cgi?id=1142458", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207", "https://bugzilla.suse.com/show_bug.cgi?id=1150942", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816", "https://bugzilla.suse.com/show_bug.cgi?id=1149522", "https://www.suse.com/security/cve/CVE-2019-9506/", "https://bugzilla.suse.com/show_bug.cgi?id=1131107", "https://www.suse.com/security/cve/CVE-2019-15211/", "https://bugzilla.suse.com/show_bug.cgi?id=1144123", "https://bugzilla.suse.com/show_bug.cgi?id=1146163", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15221", "https://bugzilla.suse.com/show_bug.cgi?id=1135966", "https://www.suse.com/security/cve/CVE-2019-9456/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15666", "https://bugzilla.suse.com/show_bug.cgi?id=1084878", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15211", "https://bugzilla.suse.com/show_bug.cgi?id=1146550", "https://bugzilla.suse.com/show_bug.cgi?id=1146584", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18509", "https://bugzilla.suse.com/show_bug.cgi?id=1140671", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15212", "https://www.suse.com/security/cve/CVE-2017-18551/", "https://www.suse.com/security/cve/CVE-2019-17133/", "https://bugzilla.suse.com/show_bug.cgi?id=1148938", "https://www.suse.com/security/cve/CVE-2019-13272/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17666", "https://bugzilla.suse.com/show_bug.cgi?id=1146391"], "cvelist": ["CVE-2016-10906", "CVE-2017-18379", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-13272", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15239", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-16995", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-9456", "CVE-2019-9506"], "immutableFields": [], "lastseen": "2023-05-24T14:32:15", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:0279", "ALSA-2020:4431"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-11135"]}, {"type": "amazon", "idList": ["ALAS-2019-1232", "ALAS-2019-1281", "ALAS-2019-1293", "ALAS-2019-1318", "ALAS-2019-1322", "ALAS2-2019-1232", "ALAS2-2019-1293", "ALAS2-2019-1364", "ALAS2-2019-1366"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-08-01", "ANDROID:2019-09-01", "ANDROID:2019-12-01", "ANDROID:2020-01-01", "ANDROID:2020-03-01"]}, {"type": "apple", "idList": ["APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353"]}, {"type": "archlinux", "idList": ["ASA-201911-10", "ASA-201911-11", "ASA-201911-12", "ASA-201911-14", "ASA-201911-9"]}, {"type": "attackerkb", "idList": ["AKB:ADDB2585-1F1E-4954-96CC-D10B59171D41"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2019:2829", "CESA-2019:2863", "CESA-2019:3055", "CESA-2019:3834", "CESA-2019:3836", "CESA-2019:3872", "CESA-2019:3878", "CESA-2019:3979", "CESA-2019:4256", "CESA-2020:0366", "CESA-2020:0374", "CESA-2020:0375", "CESA-2020:0790", "CESA-2020:0839", "CESA-2020:1016", "CESA-2020:1524", "CESA-2020:4060"]}, {"type": "cert", "idList": ["VU:918987"]}, {"type": "cisa", "idList": ["CISA:380E63A9EAAD85FA1950A6973017E11B", "CISA:F3C70D08CAE58CBD29A5E5ED6B2AE473"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2019-13272"]}, {"type": "cisco", "idList": ["CISCO-SA-20190813-BLUETOOTH"]}, {"type": "citrix", "idList": ["CTX263684"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1", "CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:4B913DD833B6E5177FC994D420712CC4", "CFOUNDRY:6AF202D824CCBDB8B52AD0B7707645BF", "CFOUNDRY:7D5F114602BB1B4781BFC57065F20675", "CFOUNDRY:7D6795462AFD47DE31FD5B40467B68C4", "CFOUNDRY:80ADC4D2DAC039EB92288FD623A42C24", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:A6BB54E614972BC1F16419D7DB82331A", "CFOUNDRY:A9246B54233F05FAAFEBCA42A471540D", "CFOUNDRY:BC8FE7ADD7CE210F5A18A29FE6851CCC", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:C4D1C1686A388941AD439B6E19ADC7F2", "CFOUNDRY:DF07D4C717AC736D9D7D72B02A5FA2CB", "CFOUNDRY:F1FD906C8A4009015525A4BE5BA37775"]}, {"type": "cve", "idList": ["CVE-2016-10906", "CVE-2017-18379", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-13272", "CVE-2019-1391", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15239", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-16995", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-19338", "CVE-2019-19339", "CVE-2019-9456", "CVE-2019-9506"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1862-1:8E150", "DEBIAN:DLA-1863-1:26EA8", "DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DLA-1940-1:E2E46", "DEBIAN:DLA-1989-1:8096A", "DEBIAN:DLA-1990-1:DF706", "DEBIAN:DLA-2051-1:B1C56", "DEBIAN:DLA-2051-1:E78EE", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2114-1:93D37", "DEBIAN:DSA-4484-1:6701B", "DEBIAN:DSA-4484-1:9995E", "DEBIAN:DSA-4531-1:4D1BF", "DEBIAN:DSA-4531-1:D6D1F", "DEBIAN:DSA-4564-1:E0777", "DEBIAN:DSA-4564-1:F8764", "DEBIAN:DSA-4565-1:21F87", "DEBIAN:DSA-4565-1:A4209", "DEBIAN:DSA-4565-2:013FD", "DEBIAN:DSA-4565-2:D5727", "DEBIAN:DSA-4602-1:C29F7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10906", "DEBIANCVE:CVE-2017-18379", "DEBIANCVE:CVE-2017-18509", "DEBIANCVE:CVE-2017-18551", "DEBIANCVE:CVE-2017-18595", "DEBIANCVE:CVE-2018-12207", "DEBIANCVE:CVE-2018-20976", "DEBIANCVE:CVE-2019-0154", "DEBIANCVE:CVE-2019-0155", "DEBIANCVE:CVE-2019-10220", "DEBIANCVE:CVE-2019-11135", "DEBIANCVE:CVE-2019-13272", "DEBIANCVE:CVE-2019-14814", "DEBIANCVE:CVE-2019-14815", "DEBIANCVE:CVE-2019-14816", "DEBIANCVE:CVE-2019-14821", "DEBIANCVE:CVE-2019-14835", "DEBIANCVE:CVE-2019-15098", "DEBIANCVE:CVE-2019-15211", "DEBIANCVE:CVE-2019-15212", "DEBIANCVE:CVE-2019-15214", "DEBIANCVE:CVE-2019-15215", "DEBIANCVE:CVE-2019-15216", "DEBIANCVE:CVE-2019-15217", "DEBIANCVE:CVE-2019-15218", "DEBIANCVE:CVE-2019-15219", "DEBIANCVE:CVE-2019-15220", "DEBIANCVE:CVE-2019-15221", "DEBIANCVE:CVE-2019-15239", "DEBIANCVE:CVE-2019-15291", "DEBIANCVE:CVE-2019-15505", "DEBIANCVE:CVE-2019-15666", "DEBIANCVE:CVE-2019-15807", "DEBIANCVE:CVE-2019-15902", "DEBIANCVE:CVE-2019-15924", "DEBIANCVE:CVE-2019-15926", "DEBIANCVE:CVE-2019-15927", "DEBIANCVE:CVE-2019-16232", "DEBIANCVE:CVE-2019-16233", "DEBIANCVE:CVE-2019-16234", "DEBIANCVE:CVE-2019-16413", "DEBIANCVE:CVE-2019-16995", "DEBIANCVE:CVE-2019-17055", "DEBIANCVE:CVE-2019-17056", "DEBIANCVE:CVE-2019-17133", "DEBIANCVE:CVE-2019-17666", "DEBIANCVE:CVE-2019-19338", "DEBIANCVE:CVE-2019-9456", "DEBIANCVE:CVE-2019-9506"]}, {"type": "exploitdb", "idList": ["EDB-ID:47163", "EDB-ID:47543", "EDB-ID:50541"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D90904EBF8E708574C2B9C142AE64E32"]}, {"type": "f5", "idList": ["F5:K01993501", "F5:K02912734", "F5:K04043655", "F5:K10269585", "F5:K17269881", "F5:K28222050", "F5:K29203191", "F5:K30183369", "F5:K32034450", "F5:K41582535", "F5:K43239141", "F5:K47227224", "F5:K48073202", "F5:K51813353", "F5:K52136304", "F5:K52325031", "F5:K53420251", "F5:K54811521", "F5:K55335001", "F5:K56851402", "F5:K57536416", "F5:K59513013", "F5:K61214359", "F5:K63176101", "F5:K73659122", "F5:K74012105", "F5:K84933088", "F5:K91025336"]}, {"type": "fedora", "idList": ["FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:07FF360D17A8", "FEDORA:0B78D60E1FD1", "FEDORA:15CCC60D3105", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2CDA460E9B22", "FEDORA:2E87261278ED", "FEDORA:308A766A87C1", "FEDORA:344346042F3E", "FEDORA:347EC6014770", "FEDORA:371E06040B12", "FEDORA:3972A60A351B", "FEDORA:3AF72606FD79", "FEDORA:4002B609954A", "FEDORA:4CEF5610D7CA", "FEDORA:511A7608E6E1", "FEDORA:5180160A98F9", "FEDORA:51B856067EB8", "FEDORA:5445B61185FA", "FEDORA:56A076119752", "FEDORA:59E3F606D998", "FEDORA:5BC786077CC2", "FEDORA:5F24260E9922", "FEDORA:5FE4A6076D31", "FEDORA:6014560A35D1", "FEDORA:628EB603ECD0", "FEDORA:6D8F5627F513", "FEDORA:6D98A6187237", "FEDORA:754F860A98ED", "FEDORA:7800D60DF3BF", "FEDORA:7E825606351A", "FEDORA:803AE30C6416", "FEDORA:804E860A98ED", "FEDORA:87DAB6118614", "FEDORA:89A31604C861", "FEDORA:8C2F86119EC0", "FEDORA:8DEB0604D0FE", "FEDORA:8FEA960A4096", "FEDORA:94BC060A4ECF", "FEDORA:9801060D30FA", "FEDORA:9E9D96119EC1", "FEDORA:A0668610D7D1", "FEDORA:AC5E86062CAB", "FEDORA:AE8986042F2B", "FEDORA:B7184611861B", "FEDORA:BF5EC607125E", "FEDORA:C1D196119EC1", "FEDORA:C1EA6603ECEC", "FEDORA:C4D496071279", "FEDORA:C597E610D7D2", "FEDORA:C63426076F58", "FEDORA:C63656040AE1", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:D9A2B60E1FCB", "FEDORA:E9C7E608767D", "FEDORA:EC9F26076D31"]}, {"type": "fortinet", "idList": ["FG-IR-19-224"]}, {"type": "freebsd", "idList": ["ECB7FDEC-0B82-11EA-874D-0C9D925BBBC0", "EDC0BF7E-05A1-11EA-9DFA-F8B156AC3FF9", "FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-19:25.MCEPSC", "FREEBSD_ADVISORY:FREEBSD-SA-19:26.MCU"]}, {"type": "gentoo", "idList": ["GLSA-202003-56"]}, {"type": "githubexploit", "idList": ["1DCD6499-0990-565E-9159-24DBA1428255", "21C02459-836A-5B10-9130-27953475DA2A", "3EFA325D-5BA7-5EF3-9D27-F1E642D0DE95", "8C344C6F-D882-5801-AA22-22F5F3F4B4DB", "A491F600-7BE4-59CB-8F2A-56EA5DF22964", "BFC7AA0E-B692-55B8-BECA-F6DAF024FADD", "DADF6C7C-8CAD-5148-81FC-1572BAD544E9"]}, {"type": "hp", "idList": ["HP:C06501965", "HP:C06502052", "HP:C06521007"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20190828-01-KNOB", "HUAWEI-SA-20200115-01-QEMU"]}, {"type": "ibm", "idList": ["0FC7CED4B78FA51F433FBF3BAC439FB6F67980E97861DB61D5E227DA0D8C5CFF", "22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "24400C9D70BA9E11A467C03D5072550ABC0427709E1B129CDE6B8C00AC26633B", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "3D1FD9B5927004B8B7B1CB77FE467A67DED4E5A078A791448C81D1500BA2A09E", "4613957D820DCAFBB74BE1CB304042BC2F40D11AC7189E7AD20080A2A94DA39A", "63B8DACF4D9207A80DC8478A9FE0FEBB4F6D6599EFEA8DD045EEBEA18CA79689", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "6D5DF12FB27293DC2112B69929AB6CFC7CE456E303952D8CE9040C6671A30910", "7BC7CA8D64FDAEBF4F352ECFBEED45FBB2063AF88351F5C93320EBBDB29E51B4", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "86C7951371BC0A7800D1FEBC038565FA28DED7D904E47462C3F5395FDE8AB9C9", "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58", "9C5DF437CF62931EFEC03F0486D943184BF2DD6EABEC3C8E5309C6E15C55C4C1", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "B68653AE8B3B701FAB183C54D344C9C2EE03602A2C7365EC7CF172320BA1AA2E", "B947805A29EE83AAAED8ABADDD8CFF00AA389BFC4D7DDC49FC3A89A557DD856C", "C8805CB7A9877952E3B667A528AE49619053A2D7DB5F1F65CA2C84C382A15EAE", "D12C469715C8550A5DBD0ABD5099324400BF0BAE58ADBB7CB7FABF1B45899623", "DE367A059D35C909557795AD50F02620921B5CC13CC7F375C7C2F83A009A984C", "ED8A3D1B7861E9FADE2E56F3710C2F426BD0F046968D24A2807B0DBC778A1AA1", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "F8CEB533FA9C1B8ED5CD7460C1ECAE11617B8D3B6DF044FE71A22BC22E7FA595"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00210", "INTEL:INTEL-SA-00242", "INTEL:INTEL-SA-00260", "INTEL:INTEL-SA-00270"]}, {"type": "kaspersky", "idList": ["KLA11534", "KLA11608", "KLA11871", "KLA11989", "KLA12121"]}, {"type": "lenovo", "idList": ["LENOVO:PS500267-ENCRYPTION-KEY-NEGOTIATION-OF-BLUETOOTH-VULNERABILITY-NOSID", "LENOVO:PS500267-NOSID", "LENOVO:PS500276-INTEL-GRAPHICS-VULNERABILITIES-NOSID", "LENOVO:PS500276-NOSID", "LENOVO:PS500279-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOSID", "LENOVO:PS500279-NOSID", "LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0287", "MGASA-2019-0288", "MGASA-2019-0306", "MGASA-2019-0332", "MGASA-2019-0333", "MGASA-2019-0334", "MGASA-2019-0413", "MGASA-2020-0113"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B7AA161DBAFDA8D7D246FF7D80A9ADC4"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-PTRACE_TRACEME_PKEXEC_HELPER-"]}, {"type": "mscve", "idList": ["MS:CVE-2018-12207", "MS:CVE-2019-11135", "MS:CVE-2019-9506"]}, {"type": "mskb", "idList": ["KB4523205", "KB4524570", "KB4525232", "KB4525233", "KB4525234", "KB4525235", "KB4525236", "KB4525237", "KB4525239", "KB4525241", "KB4525243", "KB4525245", "KB4525246", "KB4525250", "KB4525253"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1293.NASL", "AL2_ALAS-2019-1364.NASL", "AL2_ALAS-2019-1366.NASL", "ALA_ALAS-2019-1281.NASL", "ALA_ALAS-2019-1293.NASL", "ALA_ALAS-2019-1318.NASL", "ALA_ALAS-2019-1322.NASL", "ALMA_LINUX_ALSA-2020-0279.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "CENTOS8_RHSA-2019-2411.NASL", "CENTOS8_RHSA-2019-2827.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS8_RHSA-2019-3871.NASL", "CENTOS8_RHSA-2020-0279.NASL", "CENTOS8_RHSA-2020-0339.NASL", "CENTOS8_RHSA-2020-1769.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2019-2829.NASL", "CENTOS_RHSA-2019-2863.NASL", "CENTOS_RHSA-2019-3055.NASL", "CENTOS_RHSA-2019-3834.NASL", "CENTOS_RHSA-2019-3836.NASL", "CENTOS_RHSA-2019-3872.NASL", "CENTOS_RHSA-2019-3878.NASL", "CENTOS_RHSA-2019-3979.NASL", "CENTOS_RHSA-2019-4256.NASL", "CENTOS_RHSA-2020-0366.NASL", "CENTOS_RHSA-2020-0374.NASL", "CENTOS_RHSA-2020-0375.NASL", "CENTOS_RHSA-2020-0790.NASL", "CENTOS_RHSA-2020-0839.NASL", "CENTOS_RHSA-2020-1524.NASL", "CENTOS_RHSA-2020-4060.NASL", "DEBIAN_DLA-1862.NASL", "DEBIAN_DLA-1863.NASL", "DEBIAN_DLA-1884.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DLA-1919.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DLA-1940.NASL", "DEBIAN_DLA-1989.NASL", "DEBIAN_DLA-1990.NASL", "DEBIAN_DLA-2051.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DLA-2114.NASL", "DEBIAN_DSA-4484.NASL", "DEBIAN_DSA-4497.NASL", "DEBIAN_DSA-4531.NASL", "DEBIAN_DSA-4564.NASL", "DEBIAN_DSA-4565.NASL", "DEBIAN_DSA-4602.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-1972.NASL", "EULEROS_SA-2019-2081.NASL", "EULEROS_SA-2019-2106.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2309.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1158.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2020-1308.NASL", "EULEROS_SA-2020-1342.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1430.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1790.NASL", "EULEROS_SA-2020-1792.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2021-2856.NASL", "EULEROS_SA-2021-2857.NASL", "F5_BIGIP_SOL17269881.NASL", "F5_BIGIP_SOL48073202.NASL", "FEDORA_2019-124A241044.NASL", "FEDORA_2019-15E141C6A7.NASL", "FEDORA_2019-1689D3FE07.NASL", "FEDORA_2019-376EC5C107.NASL", "FEDORA_2019-41E28660AE.NASL", "FEDORA_2019-4C91A2F76E.NASL", "FEDORA_2019-68D7F68507.NASL", "FEDORA_2019-6A67FF8793.NASL", "FEDORA_2019-7A3FC17778.NASL", "FEDORA_2019-97380355AE.NASL", "FEDORA_2019-A570A92D5A.NASL", "FEDORA_2019-A95015E60F.NASL", "FEDORA_2019-B1DE72B00B.NASL", "FEDORA_2019-B86A7BDBA0.NASL", "FEDORA_2019-CBB732F760.NASL", "FEDORA_2019-E3010166BD.NASL", "FREEBSD_PKG_ECB7FDEC0B8211EA874D0C9D925BBBC0.NASL", "FREEBSD_PKG_EDC0BF7E05A111EA9DFAF8B156AC3FF9.NASL", "FREEBSD_PKG_FBE10A8A05A111EA9DFAF8B156AC3FF9.NASL", "GENTOO_GLSA-202003-56.NASL", "MACOSX_FUSION_VMSA_2019_0021.NASL", "MICROSOFT_WINDOWS_SPEC_EXECUTION.NBIN", "NEWSTART_CGSL_NS-SA-2019-0189_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0212_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0221_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0222_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0008_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0010_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0014_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0021_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0043_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0050_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0098_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_10.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_1.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_16_1_1.NASL", "NUTANIX_NXSA-AOS-5_16_1_3.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_17_0_3.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_17_1_3.NASL", "NUTANIX_NXSA-AOS-5_17_1_5.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2307.NASL", "OPENSUSE-2019-2308.NASL", "OPENSUSE-2019-2392.NASL", "OPENSUSE-2019-2444.NASL", "OPENSUSE-2019-2503.NASL", "OPENSUSE-2019-2504.NASL", "OPENSUSE-2019-2505.NASL", "OPENSUSE-2019-2506.NASL", "OPENSUSE-2019-2507.NASL", "OPENSUSE-2019-2508.NASL", "OPENSUSE-2019-2509.NASL", "OPENSUSE-2019-2510.NASL", "OPENSUSE-2019-2527.NASL", "OPENSUSE-2019-2528.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2019-2710.NASL", "ORACLELINUX_ELSA-2019-2411.NASL", "ORACLELINUX_ELSA-2019-2827.NASL", "ORACLELINUX_ELSA-2019-2829.NASL", "ORACLELINUX_ELSA-2019-2863.NASL", "ORACLELINUX_ELSA-2019-3055.NASL", "ORACLELINUX_ELSA-2019-3832.NASL", "ORACLELINUX_ELSA-2019-3834.NASL", "ORACLELINUX_ELSA-2019-3836.NASL", "ORACLELINUX_ELSA-2019-3871.NASL", "ORACLELINUX_ELSA-2019-3872.NASL", "ORACLELINUX_ELSA-2019-3878.NASL", "ORACLELINUX_ELSA-2019-3979.NASL", "ORACLELINUX_ELSA-2019-4256.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4789.NASL", "ORACLELINUX_ELSA-2019-4799.NASL", "ORACLELINUX_ELSA-2019-4800.NASL", "ORACLELINUX_ELSA-2019-4808.NASL", "ORACLELINUX_ELSA-2019-4810.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLELINUX_ELSA-2019-4836.NASL", "ORACLELINUX_ELSA-2019-4837.NASL", "ORACLELINUX_ELSA-2019-4838.NASL", "ORACLELINUX_ELSA-2019-4839.NASL", "ORACLELINUX_ELSA-2019-4850.NASL", "ORACLELINUX_ELSA-2019-4854.NASL", "ORACLELINUX_ELSA-2019-4855.NASL", "ORACLELINUX_ELSA-2019-4870.NASL", "ORACLELINUX_ELSA-2019-4871.NASL", "ORACLELINUX_ELSA-2019-4872.NASL", "ORACLELINUX_ELSA-2019-4878.NASL", "ORACLELINUX_ELSA-2020-0279.NASL", "ORACLELINUX_ELSA-2020-0339.NASL", "ORACLELINUX_ELSA-2020-0366.NASL", "ORACLELINUX_ELSA-2020-0374.NASL", "ORACLELINUX_ELSA-2020-0790.NASL", "ORACLELINUX_ELSA-2020-0834.NASL", "ORACLELINUX_ELSA-2020-1524.NASL", "ORACLELINUX_ELSA-2020-2082.NASL", "ORACLELINUX_ELSA-2020-5508.NASL", "ORACLELINUX_ELSA-2020-5511.NASL", "ORACLELINUX_ELSA-2020-5512.NASL", "ORACLELINUX_ELSA-2020-5533.NASL", "ORACLELINUX_ELSA-2020-5535.NASL", "ORACLELINUX_ELSA-2020-5541.NASL", "ORACLELINUX_ELSA-2020-5559.NASL", "ORACLELINUX_ELSA-2020-5560.NASL", "ORACLELINUX_ELSA-2020-5569.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5750.NASL", "ORACLELINUX_ELSA-2020-5754.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5804.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2021-9442.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLELINUX_ELSA-2021-9473.NASL", "ORACLEVM_OVMSA-2019-0044.NASL", "ORACLEVM_OVMSA-2019-0052.NASL", "ORACLEVM_OVMSA-2019-0054.NASL", "ORACLEVM_OVMSA-2019-0056.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2020-0026.NASL", "ORACLEVM_OVMSA-2020-0027.NASL", "ORACLEVM_OVMSA-2020-0028.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0030.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "PHOTONOS_PHSA-2019-1_0-0251_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0252_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0255_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0259_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0189_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0191_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0030_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0034_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0279_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0212_LINUX.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-2405.NASL", "REDHAT-RHSA-2019-2411.NASL", "REDHAT-RHSA-2019-2809.NASL", "REDHAT-RHSA-2019-2827.NASL", "REDHAT-RHSA-2019-2828.NASL", "REDHAT-RHSA-2019-2829.NASL", "REDHAT-RHSA-2019-2830.NASL", "REDHAT-RHSA-2019-2854.NASL", "REDHAT-RHSA-2019-2862.NASL", "REDHAT-RHSA-2019-2863.NASL", "REDHAT-RHSA-2019-2864.NASL", "REDHAT-RHSA-2019-2865.NASL", "REDHAT-RHSA-2019-2866.NASL", "REDHAT-RHSA-2019-2867.NASL", "REDHAT-RHSA-2019-2869.NASL", "REDHAT-RHSA-2019-2889.NASL", "REDHAT-RHSA-2019-2899.NASL", "REDHAT-RHSA-2019-2900.NASL", "REDHAT-RHSA-2019-2901.NASL", "REDHAT-RHSA-2019-2924.NASL", "REDHAT-RHSA-2019-2975.NASL", "REDHAT-RHSA-2019-3055.NASL", "REDHAT-RHSA-2019-3076.NASL", "REDHAT-RHSA-2019-3089.NASL", "REDHAT-RHSA-2019-3165.NASL", "REDHAT-RHSA-2019-3187.NASL", "REDHAT-RHSA-2019-3217.NASL", "REDHAT-RHSA-2019-3218.NASL", "REDHAT-RHSA-2019-3220.NASL", "REDHAT-RHSA-2019-3231.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2019-3832.NASL", "REDHAT-RHSA-2019-3833.NASL", "REDHAT-RHSA-2019-3834.NASL", "REDHAT-RHSA-2019-3835.NASL", "REDHAT-RHSA-2019-3836.NASL", "REDHAT-RHSA-2019-3837.NASL", "REDHAT-RHSA-2019-3838.NASL", "REDHAT-RHSA-2019-3839.NASL", "REDHAT-RHSA-2019-3840.NASL", "REDHAT-RHSA-2019-3841.NASL", "REDHAT-RHSA-2019-3842.NASL", "REDHAT-RHSA-2019-3843.NASL", "REDHAT-RHSA-2019-3844.NASL", "REDHAT-RHSA-2019-3860.NASL", "REDHAT-RHSA-2019-3870.NASL", "REDHAT-RHSA-2019-3871.NASL", "REDHAT-RHSA-2019-3872.NASL", "REDHAT-RHSA-2019-3873.NASL", "REDHAT-RHSA-2019-3877.NASL", "REDHAT-RHSA-2019-3878.NASL", "REDHAT-RHSA-2019-3883.NASL", "REDHAT-RHSA-2019-3887.NASL", "REDHAT-RHSA-2019-3889.NASL", "REDHAT-RHSA-2019-3908.NASL", "REDHAT-RHSA-2019-3936.NASL", "REDHAT-RHSA-2019-3978.NASL", "REDHAT-RHSA-2019-3979.NASL", "REDHAT-RHSA-2019-4154.NASL", "REDHAT-RHSA-2019-4245.NASL", "REDHAT-RHSA-2019-4256.NASL", "REDHAT-RHSA-2020-0026.NASL", "REDHAT-RHSA-2020-0027.NASL", "REDHAT-RHSA-2020-0028.NASL", "REDHAT-RHSA-2020-0174.NASL", "REDHAT-RHSA-2020-0178.NASL", "REDHAT-RHSA-2020-0204.NASL", "REDHAT-RHSA-2020-0279.NASL", "REDHAT-RHSA-2020-0328.NASL", "REDHAT-RHSA-2020-0339.NASL", "REDHAT-RHSA-2020-0366.NASL", "REDHAT-RHSA-2020-0374.NASL", "REDHAT-RHSA-2020-0375.NASL", "REDHAT-RHSA-2020-0543.NASL", "REDHAT-RHSA-2020-0555.NASL", "REDHAT-RHSA-2020-0592.NASL", "REDHAT-RHSA-2020-0609.NASL", "REDHAT-RHSA-2020-0653.NASL", "REDHAT-RHSA-2020-0661.NASL", "REDHAT-RHSA-2020-0664.NASL", "REDHAT-RHSA-2020-0666.NASL", "REDHAT-RHSA-2020-0730.NASL", "REDHAT-RHSA-2020-0740.NASL", "REDHAT-RHSA-2020-0790.NASL", "REDHAT-RHSA-2020-0831.NASL", "REDHAT-RHSA-2020-0834.NASL", "REDHAT-RHSA-2020-0839.NASL", "REDHAT-RHSA-2020-1016.NASL", "REDHAT-RHSA-2020-1070.NASL", "REDHAT-RHSA-2020-1266.NASL", "REDHAT-RHSA-2020-1347.NASL", "REDHAT-RHSA-2020-1353.NASL", "REDHAT-RHSA-2020-1460.NASL", "REDHAT-RHSA-2020-1465.NASL", "REDHAT-RHSA-2020-1473.NASL", "REDHAT-RHSA-2020-1493.NASL", "REDHAT-RHSA-2020-1524.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2082.NASL", "REDHAT-RHSA-2020-2085.NASL", "REDHAT-RHSA-2020-2104.NASL", "REDHAT-RHSA-2020-2214.NASL", "REDHAT-RHSA-2020-2242.NASL", "REDHAT-RHSA-2020-2277.NASL", "REDHAT-RHSA-2020-2285.NASL", "REDHAT-RHSA-2020-2289.NASL", "REDHAT-RHSA-2020-2522.NASL", "REDHAT-RHSA-2020-2851.NASL", "REDHAT-RHSA-2020-4060.NASL", "REDHAT-RHSA-2020-4062.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2020-5206.NASL", "REDHAT-RHSA-2020-5430.NASL", "REDHAT-RHSA-2020-5656.NASL", "SLACKWARE_SSA_2019-202-01.NASL", "SLACKWARE_SSA_2019-226-01.NASL", "SLACKWARE_SSA_2019-311-01.NASL", "SLACKWARE_SSA_2019-320-01.NASL", "SLACKWARE_SSA_2020-008-01.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "SL_20190920_KERNEL_ON_SL7_X.NASL", "SL_20190923_KERNEL_ON_SL6_X.NASL", "SL_20191016_KERNEL_ON_SL7_X.NASL", "SL_20191113_KERNEL_ON_SL6_X.NASL", "SL_20191113_KERNEL_ON_SL7_X.NASL", "SL_20191114_KERNEL_ON_SL6_X.NASL", "SL_20191114_KERNEL_ON_SL7_X.NASL", "SL_20191205_KERNEL_ON_SL7_X.NASL", "SL_20191217_KERNEL_ON_SL6_X.NASL", "SL_20200205_KERNEL_ON_SL7_X.NASL", "SL_20200205_QEMU_KVM_ON_SL7_X.NASL", "SL_20200311_KERNEL_ON_SL6_X.NASL", "SL_20200317_KERNEL_ON_SL7_X.NASL", "SL_20200422_KERNEL_ON_SL6_X.NASL", "SL_20200512_KERNEL_ON_SL7_X.NASL", "SL_20201001_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS19_AUG_4511553.NASL", "SMB_NT_MS19_AUG_4512488.NASL", "SMB_NT_MS19_AUG_4512497.NASL", "SMB_NT_MS19_AUG_4512501.NASL", "SMB_NT_MS19_AUG_4512506.NASL", "SMB_NT_MS19_AUG_4512507.NASL", "SMB_NT_MS19_AUG_4512508.NASL", "SMB_NT_MS19_AUG_4512516.NASL", "SMB_NT_MS19_AUG_4512517.NASL", "SMB_NT_MS19_AUG_4512518.NASL", "SMB_NT_MS19_NOV_4523205.NASL", "SMB_NT_MS19_NOV_4524570.NASL", "SMB_NT_MS19_NOV_4525232.NASL", "SMB_NT_MS19_NOV_4525234.NASL", "SMB_NT_MS19_NOV_4525235.NASL", "SMB_NT_MS19_NOV_4525236.NASL", "SMB_NT_MS19_NOV_4525237.NASL", "SMB_NT_MS19_NOV_4525241.NASL", "SMB_NT_MS19_NOV_4525243.NASL", "SMB_NT_MS19_NOV_4525246.NASL", "SOLARIS_JUL2020_SRU11_4_21_69_0.NASL", "SUSE_SU-2019-14217-1.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-14220-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2600-1.NASL", "SUSE_SU-2019-2601-1.NASL", "SUSE_SU-2019-2613-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2706-1.NASL", "SUSE_SU-2019-2710-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2829-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2948-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2954-1.NASL", "SUSE_SU-2019-2955-1.NASL", "SUSE_SU-2019-2956-1.NASL", "SUSE_SU-2019-2957-1.NASL", "SUSE_SU-2019-2958-1.NASL", "SUSE_SU-2019-2959-1.NASL", "SUSE_SU-2019-2960-1.NASL", "SUSE_SU-2019-2961-1.NASL", "SUSE_SU-2019-2962-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-2986-1.NASL", "SUSE_SU-2019-2987-1.NASL", "SUSE_SU-2019-2988-1.NASL", "SUSE_SU-2019-3091-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3230-1.NASL", "SUSE_SU-2019-3232-1.NASL", "SUSE_SU-2019-3233-1.NASL", "SUSE_SU-2019-3237-1.NASL", "SUSE_SU-2019-3258-1.NASL", "SUSE_SU-2019-3260-1.NASL", "SUSE_SU-2019-3261-1.NASL", "SUSE_SU-2019-3263-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2019-3297-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3340-1.NASL", "SUSE_SU-2019-3348-1.NASL", "SUSE_SU-2019-3371-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0334-1.NASL", "SUSE_SU-2020-0388-1.NASL", "SUSE_SU-2020-14444-1.NASL", "SUSE_SU-2020-1767-1.NASL", "SUSE_SU-2020-1784-1.NASL", "SUSE_SU-2020-2491-1.NASL", "SUSE_SU-2020-2497-1.NASL", "UBUNTU_USN-4093-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4117-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4135-1.NASL", "UBUNTU_USN-4144-1.NASL", "UBUNTU_USN-4145-1.NASL", "UBUNTU_USN-4147-1.NASL", "UBUNTU_USN-4157-1.NASL", "UBUNTU_USN-4157-2.NASL", "UBUNTU_USN-4162-1.NASL", "UBUNTU_USN-4163-1.NASL", "UBUNTU_USN-4182-1.NASL", "UBUNTU_USN-4182-3.NASL", "UBUNTU_USN-4183-1.NASL", "UBUNTU_USN-4183-2.NASL", "UBUNTU_USN-4184-1.NASL", "UBUNTU_USN-4184-2.NASL", "UBUNTU_USN-4185-1.NASL", "UBUNTU_USN-4185-3.NASL", "UBUNTU_USN-4186-1.NASL", "UBUNTU_USN-4186-3.NASL", "UBUNTU_USN-4208-1.NASL", "UBUNTU_USN-4210-1.NASL", "UBUNTU_USN-4211-1.NASL", "UBUNTU_USN-4226-1.NASL", "UBUNTU_USN-4227-1.NASL", "UBUNTU_USN-4254-1.NASL", "UBUNTU_USN-4258-1.NASL", "UBUNTU_USN-4284-1.NASL", "UBUNTU_USN-4285-1.NASL", "UBUNTU_USN-4286-1.NASL", "UBUNTU_USN-4287-1.NASL", "UBUNTU_USN-4302-1.NASL", "UBUNTU_USN-4342-1.NASL", "UBUNTU_USN-4344-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4346-1.NASL", "UBUNTU_USN-4904-1.NASL", "VIRTUOZZO_VZA-2019-074.NASL", "VIRTUOZZO_VZA-2019-086.NASL", "VIRTUOZZO_VZA-2019-089.NASL", "VIRTUOZZO_VZA-2020-011.NASL", "VIRTUOZZO_VZA-2020-013.NASL", "VIRTUOZZO_VZA-2020-037.NASL", "VMWARE_VMSA-2019-0020.NASL", "VMWARE_WORKSTATION_VMSA_2019_0021.NASL", "XEN_SERVER_XSA-304.NASL", "XEN_SERVER_XSA-305.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108766", "OPENVAS:1361412562310108767", "OPENVAS:1361412562310112644", "OPENVAS:1361412562310704484", "OPENVAS:1361412562310704497", "OPENVAS:1361412562310704531", "OPENVAS:1361412562310704564", "OPENVAS:1361412562310704565", "OPENVAS:1361412562310704602", "OPENVAS:1361412562310815431", "OPENVAS:1361412562310815432", "OPENVAS:1361412562310815433", "OPENVAS:1361412562310815434", "OPENVAS:1361412562310815435", "OPENVAS:1361412562310815436", "OPENVAS:1361412562310815437", "OPENVAS:1361412562310815438", "OPENVAS:1361412562310815439", "OPENVAS:1361412562310815720", "OPENVAS:1361412562310815722", "OPENVAS:1361412562310815834", "OPENVAS:1361412562310815835", "OPENVAS:1361412562310815836", "OPENVAS:1361412562310815837", "OPENVAS:1361412562310815839", "OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844182", "OPENVAS:1361412562310844191", "OPENVAS:1361412562310844192", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310844203", "OPENVAS:1361412562310844208", "OPENVAS:1361412562310844209", "OPENVAS:1361412562310844210", "OPENVAS:1361412562310844229", "OPENVAS:1361412562310844230", "OPENVAS:1361412562310844231", "OPENVAS:1361412562310844233", "OPENVAS:1361412562310844234", "OPENVAS:1361412562310844235", "OPENVAS:1361412562310844236", "OPENVAS:1361412562310844256", "OPENVAS:1361412562310844257", "OPENVAS:1361412562310844258", "OPENVAS:1361412562310844263", "OPENVAS:1361412562310844274", "OPENVAS:1361412562310844277", "OPENVAS:1361412562310844282", "OPENVAS:1361412562310844283", "OPENVAS:1361412562310844314", "OPENVAS:1361412562310844316", "OPENVAS:1361412562310844341", "OPENVAS:1361412562310844342", "OPENVAS:1361412562310844343", "OPENVAS:1361412562310844347", "OPENVAS:1361412562310844364", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844409", "OPENVAS:1361412562310844410", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852737", "OPENVAS:1361412562310852750", "OPENVAS:1361412562310852771", "OPENVAS:1361412562310852772", "OPENVAS:1361412562310852773", "OPENVAS:1361412562310852774", "OPENVAS:1361412562310852777", "OPENVAS:1361412562310852810", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852883", "OPENVAS:1361412562310852891", "OPENVAS:1361412562310852919", "OPENVAS:1361412562310852953", "OPENVAS:1361412562310852957", "OPENVAS:1361412562310852970", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310876583", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876744", "OPENVAS:1361412562310876747", "OPENVAS:1361412562310876749", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876751", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876811", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876842", "OPENVAS:1361412562310876868", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876870", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876930", "OPENVAS:1361412562310876939", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876993", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876996", "OPENVAS:1361412562310876997", "OPENVAS:1361412562310876998", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877000", "OPENVAS:1361412562310877001", "OPENVAS:1361412562310877045", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877081", "OPENVAS:1361412562310877102", "OPENVAS:1361412562310877111", "OPENVAS:1361412562310877113", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877140", "OPENVAS:1361412562310877144", "OPENVAS:1361412562310877149", "OPENVAS:1361412562310877161", "OPENVAS:1361412562310877169", "OPENVAS:1361412562310877197", "OPENVAS:1361412562310877198", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877213", "OPENVAS:1361412562310877281", "OPENVAS:1361412562310877292", "OPENVAS:1361412562310877293", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877391", "OPENVAS:1361412562310877407", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310883113", "OPENVAS:1361412562310883115", "OPENVAS:1361412562310883117", "OPENVAS:1361412562310883131", "OPENVAS:1361412562310883133", "OPENVAS:1361412562310883134", "OPENVAS:1361412562310883135", "OPENVAS:1361412562310883139", "OPENVAS:1361412562310883149", "OPENVAS:1361412562310883177", "OPENVAS:1361412562310883179", "OPENVAS:1361412562310883191", "OPENVAS:1361412562310883200", "OPENVAS:1361412562310883210", "OPENVAS:1361412562310883220", "OPENVAS:1361412562310891862", "OPENVAS:1361412562310891863", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310891930", "OPENVAS:1361412562310891940", "OPENVAS:1361412562310891989", "OPENVAS:1361412562310891990", "OPENVAS:1361412562310892051", "OPENVAS:1361412562310892068", "OPENVAS:1361412562310892114", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220191972", "OPENVAS:1361412562311220192081", "OPENVAS:1361412562311220192106", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201158", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201269", "OPENVAS:1361412562311220201308", "OPENVAS:1361412562311220201342", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201452", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201790", "OPENVAS:1361412562311220201792"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2411", "ELSA-2019-2703", "ELSA-2019-2827", "ELSA-2019-2829", "ELSA-2019-2863", "ELSA-2019-3055", "ELSA-2019-3517", "ELSA-2019-3832", "ELSA-2019-3834", "ELSA-2019-3836", "ELSA-2019-3871", "ELSA-2019-3872", "ELSA-2019-3878", "ELSA-2019-3979", "ELSA-2019-4256", "ELSA-2019-4746", "ELSA-2019-4789", "ELSA-2019-4799", "ELSA-2019-4800", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2019-4820", "ELSA-2019-4836", "ELSA-2019-4837", "ELSA-2019-4838", "ELSA-2019-4839", "ELSA-2019-4850", "ELSA-2019-4854", "ELSA-2019-4855", "ELSA-2019-4867", "ELSA-2019-4868", "ELSA-2019-4870", "ELSA-2019-4871", "ELSA-2019-4872", "ELSA-2019-4878", "ELSA-2020-0279", "ELSA-2020-0339", "ELSA-2020-0366", "ELSA-2020-0374", "ELSA-2020-0790", "ELSA-2020-0834", "ELSA-2020-1016", "ELSA-2020-1116", "ELSA-2020-1524", "ELSA-2020-1769", "ELSA-2020-1864", "ELSA-2020-2082", "ELSA-2020-4060", "ELSA-2020-4431", "ELSA-2020-5508", "ELSA-2020-5511", "ELSA-2020-5512", "ELSA-2020-5533", "ELSA-2020-5535", "ELSA-2020-5541", "ELSA-2020-5559", "ELSA-2020-5560", "ELSA-2020-5569", "ELSA-2020-5670", "ELSA-2020-5676", "ELSA-2020-5715", "ELSA-2020-5750", "ELSA-2020-5753", "ELSA-2020-5754", "ELSA-2020-5755", "ELSA-2020-5804", "ELSA-2020-5845", "ELSA-2020-5866", "ELSA-2021-9442", "ELSA-2021-9459", "ELSA-2021-9473"]}, {"type": "osv", "idList": ["OSV:ASB-A-172999675", "OSV:CVE-2018-12207", "OSV:CVE-2019-11135", "OSV:DLA-1862-1", "OSV:DLA-1863-1", "OSV:DLA-1884-1", "OSV:DLA-1885-1", "OSV:DLA-1919-1", "OSV:DLA-1930-1", "OSV:DLA-1940-1", "OSV:DLA-1989-1", "OSV:DLA-1990-1", "OSV:DLA-2051-1", "OSV:DLA-2068-1", "OSV:DLA-2114-1", "OSV:DSA-4484-1", "OSV:DSA-4497-1", "OSV:DSA-4531-1", "OSV:DSA-4564-1", "OSV:DSA-4565-1", "OSV:DSA-4602-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154957", "PACKETSTORM:156929", "PACKETSTORM:165051"]}, {"type": "photon", "idList": ["PHSA-2018-0031", "PHSA-2018-0150", "PHSA-2019-0015", "PHSA-2019-0021", "PHSA-2019-0026", "PHSA-2019-0030", "PHSA-2019-0034", "PHSA-2019-0036", "PHSA-2019-0046", "PHSA-2019-0128", "PHSA-2019-0151", "PHSA-2019-0160", "PHSA-2019-0161", "PHSA-2019-0162", "PHSA-2019-0165", "PHSA-2019-0175", "PHSA-2019-0178", "PHSA-2019-0189", "PHSA-2019-0191", "PHSA-2019-0194", "PHSA-2019-0206", "PHSA-2019-0236", "PHSA-2019-0245", "PHSA-2019-0250", "PHSA-2019-0251", "PHSA-2019-0252", "PHSA-2019-0255", "PHSA-2019-0259", "PHSA-2019-1.0-0206", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0238", "PHSA-2019-1.0-0248", "PHSA-2019-1.0-0251", "PHSA-2019-1.0-0252", "PHSA-2019-1.0-0255", "PHSA-2019-1.0-0259", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0175", "PHSA-2019-2.0-0189", "PHSA-2019-2.0-0191", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0030", "PHSA-2019-3.0-0034", "PHSA-2019-3.0-0036", "PHSA-2019-3.0-0046", "PHSA-2020-0052", "PHSA-2020-0065", "PHSA-2020-0212", "PHSA-2020-0214", "PHSA-2020-0238", "PHSA-2020-0266", "PHSA-2020-0274", "PHSA-2020-0279", "PHSA-2020-1.0-0274", "PHSA-2020-1.0-0279", "PHSA-2020-2.0-0212", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0065", "PHSA-2020-3.0-0118", "PHSA-2021-0007", "PHSA-2021-4.0-0007"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3"]}, {"type": "redhat", "idList": ["RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:2405", "RHSA-2019:2411", "RHSA-2019:2809", "RHSA-2019:2827", "RHSA-2019:2828", "RHSA-2019:2829", "RHSA-2019:2830", "RHSA-2019:2854", "RHSA-2019:2862", "RHSA-2019:2863", "RHSA-2019:2864", "RHSA-2019:2865", "RHSA-2019:2866", "RHSA-2019:2867", "RHSA-2019:2869", "RHSA-2019:2889", "RHSA-2019:2899", "RHSA-2019:2900", "RHSA-2019:2901", "RHSA-2019:2924", "RHSA-2019:2975", "RHSA-2019:3055", "RHSA-2019:3076", "RHSA-2019:3089", "RHSA-2019:3165", "RHSA-2019:3187", "RHSA-2019:3217", "RHSA-2019:3218", "RHSA-2019:3220", "RHSA-2019:3231", "RHSA-2019:3309", "RHSA-2019:3517", "RHSA-2019:3832", "RHSA-2019:3833", "RHSA-2019:3834", "RHSA-2019:3835", "RHSA-2019:3836", "RHSA-2019:3837", "RHSA-2019:3838", "RHSA-2019:3839", "RHSA-2019:3840", "RHSA-2019:3841", "RHSA-2019:3842", "RHSA-2019:3843", "RHSA-2019:3844", "RHSA-2019:3860", "RHSA-2019:3870", "RHSA-2019:3871", "RHSA-2019:3872", "RHSA-2019:3873", "RHSA-2019:3877", "RHSA-2019:3878", "RHSA-2019:3883", "RHSA-2019:3887", "RHSA-2019:3889", "RHSA-2019:3908", "RHSA-2019:3916", "RHSA-2019:3936", "RHSA-2019:3941", "RHSA-2019:3978", "RHSA-2019:3979", "RHSA-2019:4154", "RHSA-2019:4245", "RHSA-2019:4256", "RHSA-2020:0026", "RHSA-2020:0027", "RHSA-2020:0028", "RHSA-2020:0174", "RHSA-2020:0178", "RHSA-2020:0204", "RHSA-2020:0279", "RHSA-2020:0328", "RHSA-2020:0339", "RHSA-2020:0366", "RHSA-2020:0374", "RHSA-2020:0375", "RHSA-2020:0543", "RHSA-2020:0555", "RHSA-2020:0592", "RHSA-2020:0609", "RHSA-2020:0653", "RHSA-2020:0661", "RHSA-2020:0664", "RHSA-2020:0666", "RHSA-2020:0730", "RHSA-2020:0740", "RHSA-2020:0790", "RHSA-2020:0831", "RHSA-2020:0834", "RHSA-2020:0839", "RHSA-2020:1016", "RHSA-2020:1070", "RHSA-2020:1266", "RHSA-2020:1347", "RHSA-2020:1353", "RHSA-2020:1460", "RHSA-2020:1465", "RHSA-2020:1473", "RHSA-2020:1493", "RHSA-2020:1524", "RHSA-2020:1567", "RHSA-2020:1769", "RHSA-2020:2082", "RHSA-2020:2085", "RHSA-2020:2104", "RHSA-2020:2214", "RHSA-2020:2242", "RHSA-2020:2277", "RHSA-2020:2285", "RHSA-2020:2289", "RHSA-2020:2522", "RHSA-2020:2851", "RHSA-2020:4060", "RHSA-2020:4062", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5206", "RHSA-2020:5430", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2020:5656"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10906", "RH:CVE-2017-18379", "RH:CVE-2017-18509", "RH:CVE-2017-18551", "RH:CVE-2017-18595", "RH:CVE-2018-12207", "RH:CVE-2018-20976", "RH:CVE-2019-0154", "RH:CVE-2019-0155", "RH:CVE-2019-10220", "RH:CVE-2019-11135", "RH:CVE-2019-13272", "RH:CVE-2019-14814", "RH:CVE-2019-14815", "RH:CVE-2019-14816", "RH:CVE-2019-14821", "RH:CVE-2019-14835", "RH:CVE-2019-15098", "RH:CVE-2019-15211", "RH:CVE-2019-15212", "RH:CVE-2019-15214", "RH:CVE-2019-15215", "RH:CVE-2019-15216", "RH:CVE-2019-15217", "RH:CVE-2019-15218", "RH:CVE-2019-15219", "RH:CVE-2019-15220", "RH:CVE-2019-15221", "RH:CVE-2019-15239", "RH:CVE-2019-15290", "RH:CVE-2019-15291", "RH:CVE-2019-15505", "RH:CVE-2019-15666", "RH:CVE-2019-15807", "RH:CVE-2019-15902", "RH:CVE-2019-15924", "RH:CVE-2019-15926", "RH:CVE-2019-15927", "RH:CVE-2019-16232", "RH:CVE-2019-16233", "RH:CVE-2019-16234", "RH:CVE-2019-16413", "RH:CVE-2019-16995", "RH:CVE-2019-17055", "RH:CVE-2019-17056", "RH:CVE-2019-17133", "RH:CVE-2019-17666", "RH:CVE-2019-19338", "RH:CVE-2019-19339", "RH:CVE-2019-9456", "RH:CVE-2019-9506"]}, {"type": "rocky", "idList": ["RLSA-2020:0279"]}, {"type": "slackware", "idList": ["SSA-2019-202-01", "SSA-2019-226-01", "SSA-2019-311-01", "SSA-2019-320-01", "SSA-2020-008-01", "SSA-2020-086-01", "SSA-2021-202-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2307-1", "OPENSUSE-SU-2019:2308-1", "OPENSUSE-SU-2019:2392-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2019:2503-1", "OPENSUSE-SU-2019:2504-1", "OPENSUSE-SU-2019:2505-1", "OPENSUSE-SU-2019:2506-1", "OPENSUSE-SU-2019:2507-1", "OPENSUSE-SU-2019:2509-1", "OPENSUSE-SU-2019:2510-1", "OPENSUSE-SU-2019:2527-1", "OPENSUSE-SU-2019:2528-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2019:2710-1"]}, {"type": "symantec", "idList": ["SMNTC-109509", "SMNTC-110240", "SMNTC-110546", "SMNTC-110803", "SMNTC-110805", "SMNTC-110841", "SMNTC-110843", "SMNTC-111292", "SMNTC-111341"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E", "TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"]}, {"type": "thn", "idList": ["THN:2317E195EA00288327BADFBE0E5DBA9A", "THN:7C2166B58EF6EE65AF920B2CE0FD9845"]}, {"type": "threatpost", "idList": ["THREATPOST:00D23B55537D30A2F2BE05DA9507449A", "THREATPOST:0C3D5795D480495E2117878151D25765", "THREATPOST:25E72D5927161BC631CDDD38FB642431", "THREATPOST:62D876A38CF65F658A4E0332E90F521A", "THREATPOST:EA093948BFD7033F5C9DB5B3199BEED4"]}, {"type": "ubuntu", "idList": ["USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4115-1", "USN-4115-2", "USN-4117-1", "USN-4118-1", "USN-4135-1", "USN-4135-2", "USN-4144-1", "USN-4145-1", "USN-4147-1", "USN-4157-1", "USN-4157-2", "USN-4162-1", "USN-4162-2", "USN-4163-1", "USN-4163-2", "USN-4182-1", "USN-4182-2", "USN-4182-3", "USN-4182-4", "USN-4183-1", "USN-4183-2", "USN-4184-1", "USN-4184-2", "USN-4185-1", "USN-4185-2", "USN-4185-3", "USN-4186-1", "USN-4186-2", "USN-4186-3", "USN-4187-1", "USN-4188-1", "USN-4208-1", "USN-4210-1", "USN-4211-1", "USN-4211-2", "USN-4226-1", "USN-4227-1", "USN-4227-2", "USN-4254-1", "USN-4254-2", "USN-4258-1", "USN-4284-1", "USN-4285-1", "USN-4286-1", "USN-4286-2", "USN-4287-1", "USN-4287-2", "USN-4302-1", "USN-4342-1", "USN-4344-1", "USN-4345-1", "USN-4346-1", "USN-4904-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10906", "UB:CVE-2017-18379", "UB:CVE-2017-18509", "UB:CVE-2017-18551", "UB:CVE-2017-18595", "UB:CVE-2018-12207", "UB:CVE-2018-20976", "UB:CVE-2019-0154", "UB:CVE-2019-0155", "UB:CVE-2019-10220", "UB:CVE-2019-11135", "UB:CVE-2019-13272", "UB:CVE-2019-14814", "UB:CVE-2019-14815", "UB:CVE-2019-14816", "UB:CVE-2019-14821", "UB:CVE-2019-14835", "UB:CVE-2019-15098", "UB:CVE-2019-15211", "UB:CVE-2019-15212", "UB:CVE-2019-15214", "UB:CVE-2019-15215", "UB:CVE-2019-15216", "UB:CVE-2019-15217", "UB:CVE-2019-15218", "UB:CVE-2019-15219", "UB:CVE-2019-15220", "UB:CVE-2019-15221", "UB:CVE-2019-15239", "UB:CVE-2019-15291", "UB:CVE-2019-15505", "UB:CVE-2019-15666", "UB:CVE-2019-15807", "UB:CVE-2019-15902", "UB:CVE-2019-15924", "UB:CVE-2019-15926", "UB:CVE-2019-15927", "UB:CVE-2019-16232", "UB:CVE-2019-16233", "UB:CVE-2019-16234", "UB:CVE-2019-16413", "UB:CVE-2019-16995", "UB:CVE-2019-17055", "UB:CVE-2019-17056", "UB:CVE-2019-17133", "UB:CVE-2019-17666", "UB:CVE-2019-19338", "UB:CVE-2019-19339", "UB:CVE-2019-9454", "UB:CVE-2019-9456", "UB:CVE-2019-9506"]}, {"type": "veracode", "idList": ["VERACODE:21657", "VERACODE:21942", "VERACODE:21943", "VERACODE:21944", "VERACODE:21948", "VERACODE:22028", "VERACODE:22331", "VERACODE:22480", "VERACODE:22791", "VERACODE:25104", "VERACODE:25397", "VERACODE:25427", "VERACODE:25434", "VERACODE:25831", "VERACODE:27119", "VERACODE:27310", "VERACODE:27753", "VERACODE:29327", "VERACODE:29333", "VERACODE:29338", "VERACODE:29339"]}, {"type": "virtuozzo", "idList": ["VZA-2019-074", "VZA-2019-086", "VZA-2019-088", "VZA-2019-089", "VZA-2020-010", "VZA-2020-011", "VZA-2020-013", "VZA-2020-036", "VZA-2020-037"]}, {"type": "vmware", "idList": ["VMSA-2019-0020"]}, {"type": "xen", "idList": ["XSA-304", "XSA-305"]}, {"type": "zdt", "idList": ["1337DAY-ID-32994", "1337DAY-ID-33027", "1337DAY-ID-33410", "1337DAY-ID-34151", "1337DAY-ID-37072"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "amazon", "idList": ["ALAS-2019-1281", "ALAS-2019-1293", "ALAS-2019-1318", "ALAS-2019-1322"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-08-01", "ANDROID:2019-12-01", "ANDROID:2020-01-01", "ANDROID:2020-03-01", "ANDROID:2021-02-01"]}, {"type": "apple", "idList": ["APPLE:100C3E37B89C4B8E50DE097059456EC2", "APPLE:42A8665131AAD41DD01DD2DE9BBDEBC5", "APPLE:48DFAA81838B82F0614B9A03F99F251D", "APPLE:819AEF513AB880D6C4F6CA66CB3C0021", "APPLE:HT210346", "APPLE:HT210348", "APPLE:HT210351", "APPLE:HT210353"]}, {"type": "archlinux", "idList": ["ASA-201911-10", "ASA-201911-11", "ASA-201911-14", "ASA-201911-9"]}, {"type": "attackerkb", "idList": ["AKB:ADDB2585-1F1E-4954-96CC-D10B59171D41"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2019:2829", "CESA-2019:2863", "CESA-2019:3055", "CESA-2019:3834", "CESA-2019:3836", "CESA-2019:3872", "CESA-2019:3878", "CESA-2019:3979", "CESA-2019:4256", "CESA-2020:0839", "CESA-2020:1016", "CESA-2020:1524"]}, {"type": "cert", "idList": ["VU:918987"]}, {"type": "cisa", "idList": ["CISA:F3C70D08CAE58CBD29A5E5ED6B2AE473"]}, {"type": "cisco", "idList": ["CISCO-SA-20190813-BLUETOOTH"]}, {"type": "citrix", "idList": ["CTX263684"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1", "CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:4B913DD833B6E5177FC994D420712CC4", "CFOUNDRY:6AF202D824CCBDB8B52AD0B7707645BF", "CFOUNDRY:7D5F114602BB1B4781BFC57065F20675", "CFOUNDRY:80ADC4D2DAC039EB92288FD623A42C24", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:A6BB54E614972BC1F16419D7DB82331A", "CFOUNDRY:A9246B54233F05FAAFEBCA42A471540D", "CFOUNDRY:BC8FE7ADD7CE210F5A18A29FE6851CCC", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:DF07D4C717AC736D9D7D72B02A5FA2CB", "CFOUNDRY:F1FD906C8A4009015525A4BE5BA37775"]}, {"type": "cve", "idList": ["CVE-2016-10906", "CVE-2017-18379", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-13272", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15239", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-16995", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-9456", "CVE-2019-9506"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1862-1:8E150", "DEBIAN:DLA-1863-1:26EA8", "DEBIAN:DLA-1884-1:61F35", "DEBIAN:DLA-1885-1:84558", "DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DLA-1940-1:E2E46", "DEBIAN:DLA-1989-1:8096A", "DEBIAN:DLA-1990-1:DF706", "DEBIAN:DLA-2051-1:E78EE", "DEBIAN:DSA-4484-1:9995E", "DEBIAN:DSA-4531-1:D6D1F", "DEBIAN:DSA-4564-1:E0777", "DEBIAN:DSA-4565-1:21F87", "DEBIAN:DSA-4565-2:D5727"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-11135"]}, {"type": "exploitdb", "idList": ["EDB-ID:47163", "EDB-ID:47543"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D90904EBF8E708574C2B9C142AE64E32"]}, {"type": "f5", "idList": ["F5:K01993501", "F5:K02912734", "F5:K10269585", "F5:K17269881", "F5:K28222050", "F5:K32034450", "F5:K41582535", "F5:K43239141", "F5:K48073202", "F5:K53420251", "F5:K61214359", "F5:K73659122", "F5:K74012105", "F5:K91025336"]}, {"type": "fedora", "idList": ["FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:07FF360D17A8", "FEDORA:0B78D60E1FD1", "FEDORA:15CCC60D3105", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2CDA460E9B22", "FEDORA:2E87261278ED", "FEDORA:308A766A87C1", "FEDORA:344346042F3E", "FEDORA:347EC6014770", "FEDORA:371E06040B12", "FEDORA:3972A60A351B", "FEDORA:3AF72606FD79", "FEDORA:4002B609954A", "FEDORA:4CEF5610D7CA", "FEDORA:511A7608E6E1", "FEDORA:5180160A98F9", "FEDORA:51B856067EB8", "FEDORA:5445B61185FA", "FEDORA:56A076119752", "FEDORA:59E3F606D998", "FEDORA:5BC786077CC2", "FEDORA:5F24260E9922", "FEDORA:5FE4A6076D31", "FEDORA:6014560A35D1", "FEDORA:628EB603ECD0", "FEDORA:6D8F5627F513", "FEDORA:6D98A6187237", "FEDORA:754F860A98ED", "FEDORA:7800D60DF3BF", "FEDORA:7E825606351A", "FEDORA:803AE30C6416", "FEDORA:804E860A98ED", "FEDORA:87DAB6118614", "FEDORA:89A31604C861", "FEDORA:8C2F86119EC0", "FEDORA:8DEB0604D0FE", "FEDORA:8FEA960A4096", "FEDORA:94BC060A4ECF", "FEDORA:9801060D30FA", "FEDORA:9E9D96119EC1", "FEDORA:A0668610D7D1", "FEDORA:AC5E86062CAB", "FEDORA:AE8986042F2B", "FEDORA:B7184611861B", "FEDORA:BF5EC607125E", "FEDORA:C1D196119EC1", "FEDORA:C1EA6603ECEC", "FEDORA:C4D496071279", "FEDORA:C597E610D7D2", "FEDORA:C63426076F58", "FEDORA:C63656040AE1", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:D9A2B60E1FCB", "FEDORA:E9C7E608767D", "FEDORA:EC9F26076D31"]}, {"type": "fortinet", "idList": ["FG-IR-19-224"]}, {"type": "freebsd", "idList": ["ECB7FDEC-0B82-11EA-874D-0C9D925BBBC0", "EDC0BF7E-05A1-11EA-9DFA-F8B156AC3FF9", "FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9"]}, {"type": "gentoo", "idList": ["GLSA-202003-56"]}, {"type": "githubexploit", "idList": ["1DCD6499-0990-565E-9159-24DBA1428255", "21C02459-836A-5B10-9130-27953475DA2A", "3EFA325D-5BA7-5EF3-9D27-F1E642D0DE95", "8C344C6F-D882-5801-AA22-22F5F3F4B4DB", "BFC7AA0E-B692-55B8-BECA-F6DAF024FADD", "DADF6C7C-8CAD-5148-81FC-1572BAD544E9"]}, {"type": "hp", "idList": ["HP:C06501965", "HP:C06502052", "HP:C06521007"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20190828-01-KNOB"]}, {"type": "ibm", "idList": ["0FC7CED4B78FA51F433FBF3BAC439FB6F67980E97861DB61D5E227DA0D8C5CFF", "22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "3D1FD9B5927004B8B7B1CB77FE467A67DED4E5A078A791448C81D1500BA2A09E", "6D5DF12FB27293DC2112B69929AB6CFC7CE456E303952D8CE9040C6671A30910", "7BC7CA8D64FDAEBF4F352ECFBEED45FBB2063AF88351F5C93320EBBDB29E51B4", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "86C7951371BC0A7800D1FEBC038565FA28DED7D904E47462C3F5395FDE8AB9C9", "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "B68653AE8B3B701FAB183C54D344C9C2EE03602A2C7365EC7CF172320BA1AA2E", "C8805CB7A9877952E3B667A528AE49619053A2D7DB5F1F65CA2C84C382A15EAE", "D12C469715C8550A5DBD0ABD5099324400BF0BAE58ADBB7CB7FABF1B45899623", "DE367A059D35C909557795AD50F02620921B5CC13CC7F375C7C2F83A009A984C", "ED8A3D1B7861E9FADE2E56F3710C2F426BD0F046968D24A2807B0DBC778A1AA1", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "kaspersky", "idList": ["KLA11534", "KLA11608", "KLA11697", "KLA11871"]}, {"type": "lenovo", "idList": ["LENOVO:PS500267-NOSID", "LENOVO:PS500276-NOSID", "LENOVO:PS500279-NOSID"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:B7AA161DBAFDA8D7D246FF7D80A9ADC4"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/LOCAL/PTRACE_TRACEME_PKEXEC_HELPER"]}, {"type": "mscve", "idList": ["MS:CVE-2018-12207", "MS:CVE-2019-11135", "MS:CVE-2019-9506"]}, {"type": "mskb", "idList": ["KB4525233", "KB4525237", "KB4525239", "KB4525241", "KB4525250", "KB4525253"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1293.NASL", "AL2_ALAS-2019-1364.NASL", "AL2_ALAS-2019-1366.NASL", "ALA_ALAS-2019-1281.NASL", "ALA_ALAS-2019-1293.NASL", "ALA_ALAS-2019-1318.NASL", "ALA_ALAS-2019-1322.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2019-2829.NASL", "CENTOS_RHSA-2019-2863.NASL", "CENTOS_RHSA-2019-3055.NASL", "CENTOS_RHSA-2019-3834.NASL", "CENTOS_RHSA-2019-3836.NASL", "CENTOS_RHSA-2019-3872.NASL", "CENTOS_RHSA-2019-3878.NASL", "CENTOS_RHSA-2019-3979.NASL", "CENTOS_RHSA-2019-4256.NASL", "CENTOS_RHSA-2020-0839.NASL", "CENTOS_RHSA-2020-1524.NASL", "DEBIAN_DLA-1862.NASL", "DEBIAN_DLA-1863.NASL", "DEBIAN_DLA-1884.NASL", "DEBIAN_DLA-1885.NASL", "DEBIAN_DLA-1919.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DLA-1940.NASL", "DEBIAN_DLA-1989.NASL", "DEBIAN_DLA-1990.NASL", "DEBIAN_DSA-4484.NASL", "DEBIAN_DSA-4497.NASL", "DEBIAN_DSA-4531.NASL", "DEBIAN_DSA-4564.NASL", "DEBIAN_DSA-4565.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2019-2081.NASL", "EULEROS_SA-2019-2106.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2309.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2020-1308.NASL", "EULEROS_SA-2020-1342.NASL", "EULEROS_SA-2020-1430.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2020-1536.NASL", "FEDORA_2019-124A241044.NASL", "FEDORA_2019-15E141C6A7.NASL", "FEDORA_2019-1689D3FE07.NASL", "FEDORA_2019-376EC5C107.NASL", "FEDORA_2019-41E28660AE.NASL", "FEDORA_2019-4C91A2F76E.NASL", "FEDORA_2019-68D7F68507.NASL", "FEDORA_2019-6A67FF8793.NASL", "FEDORA_2019-7A3FC17778.NASL", "FEDORA_2019-97380355AE.NASL", "FEDORA_2019-A570A92D5A.NASL", "FEDORA_2019-A95015E60F.NASL", "FEDORA_2019-B1DE72B00B.NASL", "FEDORA_2019-B86A7BDBA0.NASL", "FEDORA_2019-CBB732F760.NASL", "FEDORA_2019-E3010166BD.NASL", "FREEBSD_PKG_ECB7FDEC0B8211EA874D0C9D925BBBC0.NASL", "FREEBSD_PKG_EDC0BF7E05A111EA9DFAF8B156AC3FF9.NASL", "FREEBSD_PKG_FBE10A8A05A111EA9DFAF8B156AC3FF9.NASL", "GENTOO_GLSA-202003-56.NASL", "MACOSX_FUSION_VMSA_2019_0021.NASL", "NEWSTART_CGSL_NS-SA-2019-0189_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0212_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0221_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0222_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0014_KERNEL-RT.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2307.NASL", "OPENSUSE-2019-2308.NASL", "OPENSUSE-2019-2392.NASL", "OPENSUSE-2019-2444.NASL", "OPENSUSE-2019-2503.NASL", "OPENSUSE-2019-2504.NASL", "OPENSUSE-2019-2505.NASL", "OPENSUSE-2019-2506.NASL", "OPENSUSE-2019-2507.NASL", "OPENSUSE-2019-2508.NASL", "OPENSUSE-2019-2509.NASL", "OPENSUSE-2019-2510.NASL", "OPENSUSE-2019-2527.NASL", "OPENSUSE-2019-2528.NASL", "OPENSUSE-2019-2675.NASL", "ORACLELINUX_ELSA-2019-2411.NASL", "ORACLELINUX_ELSA-2019-2827.NASL", "ORACLELINUX_ELSA-2019-2829.NASL", "ORACLELINUX_ELSA-2019-2863.NASL", "ORACLELINUX_ELSA-2019-3055.NASL", "ORACLELINUX_ELSA-2019-3832.NASL", "ORACLELINUX_ELSA-2019-3834.NASL", "ORACLELINUX_ELSA-2019-3836.NASL", "ORACLELINUX_ELSA-2019-3871.NASL", "ORACLELINUX_ELSA-2019-3872.NASL", "ORACLELINUX_ELSA-2019-3878.NASL", "ORACLELINUX_ELSA-2019-3979.NASL", "ORACLELINUX_ELSA-2019-4256.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "ORACLELINUX_ELSA-2019-4789.NASL", "ORACLELINUX_ELSA-2019-4799.NASL", "ORACLELINUX_ELSA-2019-4800.NASL", "ORACLELINUX_ELSA-2019-4810.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLELINUX_ELSA-2019-4836.NASL", "ORACLELINUX_ELSA-2019-4837.NASL", "ORACLELINUX_ELSA-2019-4838.NASL", "ORACLELINUX_ELSA-2019-4839.NASL", "ORACLELINUX_ELSA-2019-4850.NASL", "ORACLELINUX_ELSA-2019-4854.NASL", "ORACLELINUX_ELSA-2019-4855.NASL", "ORACLELINUX_ELSA-2019-4870.NASL", "ORACLELINUX_ELSA-2019-4871.NASL", "ORACLELINUX_ELSA-2019-4872.NASL", "ORACLELINUX_ELSA-2019-4878.NASL", "ORACLELINUX_ELSA-2020-0834.NASL", "ORACLELINUX_ELSA-2020-1524.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLEVM_OVMSA-2019-0044.NASL", "ORACLEVM_OVMSA-2019-0052.NASL", "ORACLEVM_OVMSA-2019-0054.NASL", "ORACLEVM_OVMSA-2019-0056.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "PHOTONOS_PHSA-2019-1_0-0251_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0252_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0255_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0030_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0034_LINUX.NASL", "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-2405.NASL", "REDHAT-RHSA-2019-2411.NASL", "REDHAT-RHSA-2019-2809.NASL", "REDHAT-RHSA-2019-2827.NASL", "REDHAT-RHSA-2019-2828.NASL", "REDHAT-RHSA-2019-2829.NASL", "REDHAT-RHSA-2019-2830.NASL", "REDHAT-RHSA-2019-2854.NASL", "REDHAT-RHSA-2019-2862.NASL", "REDHAT-RHSA-2019-2863.NASL", "REDHAT-RHSA-2019-2864.NASL", "REDHAT-RHSA-2019-2865.NASL", "REDHAT-RHSA-2019-2866.NASL", "REDHAT-RHSA-2019-2867.NASL", "REDHAT-RHSA-2019-2869.NASL", "REDHAT-RHSA-2019-2889.NASL", "REDHAT-RHSA-2019-2899.NASL", "REDHAT-RHSA-2019-2900.NASL", "REDHAT-RHSA-2019-2901.NASL", "REDHAT-RHSA-2019-2924.NASL", "REDHAT-RHSA-2019-2975.NASL", "REDHAT-RHSA-2019-3055.NASL", "REDHAT-RHSA-2019-3076.NASL", "REDHAT-RHSA-2019-3089.NASL", "REDHAT-RHSA-2019-3165.NASL", "REDHAT-RHSA-2019-3187.NASL", "REDHAT-RHSA-2019-3217.NASL", "REDHAT-RHSA-2019-3218.NASL", "REDHAT-RHSA-2019-3220.NASL", "REDHAT-RHSA-2019-3231.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2019-3832.NASL", "REDHAT-RHSA-2019-3833.NASL", "REDHAT-RHSA-2019-3834.NASL", "REDHAT-RHSA-2019-3835.NASL", "REDHAT-RHSA-2019-3836.NASL", "REDHAT-RHSA-2019-3837.NASL", "REDHAT-RHSA-2019-3838.NASL", "REDHAT-RHSA-2019-3839.NASL", "REDHAT-RHSA-2019-3840.NASL", "REDHAT-RHSA-2019-3841.NASL", "REDHAT-RHSA-2019-3842.NASL", "REDHAT-RHSA-2019-3843.NASL", "REDHAT-RHSA-2019-3844.NASL", "REDHAT-RHSA-2019-3860.NASL", "REDHAT-RHSA-2019-3870.NASL", "REDHAT-RHSA-2019-3871.NASL", "REDHAT-RHSA-2019-3872.NASL", "REDHAT-RHSA-2019-3873.NASL", "REDHAT-RHSA-2019-3877.NASL", "REDHAT-RHSA-2019-3878.NASL", "REDHAT-RHSA-2019-3883.NASL", "REDHAT-RHSA-2019-3887.NASL", "REDHAT-RHSA-2019-3889.NASL", "REDHAT-RHSA-2019-3908.NASL", "REDHAT-RHSA-2019-3936.NASL", "REDHAT-RHSA-2019-3978.NASL", "REDHAT-RHSA-2019-3979.NASL", "REDHAT-RHSA-2019-4154.NASL", "REDHAT-RHSA-2019-4256.NASL", "REDHAT-RHSA-2020-0839.NASL", "REDHAT-RHSA-2020-1266.NASL", "REDHAT-RHSA-2020-1347.NASL", "REDHAT-RHSA-2020-1353.NASL", "REDHAT-RHSA-2020-1460.NASL", "REDHAT-RHSA-2020-1465.NASL", "REDHAT-RHSA-2020-1473.NASL", "REDHAT-RHSA-2020-1493.NASL", "REDHAT-RHSA-2020-1524.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2082.NASL", "REDHAT-RHSA-2020-2085.NASL", "REDHAT-RHSA-2020-2104.NASL", "REDHAT-RHSA-2020-5206.NASL", "REDHAT-RHSA-2020-5656.NASL", "SLACKWARE_SSA_2019-202-01.NASL", "SLACKWARE_SSA_2019-226-01.NASL", "SLACKWARE_SSA_2019-311-01.NASL", "SLACKWARE_SSA_2019-320-01.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SL_20190920_KERNEL_ON_SL7_X.NASL", "SL_20190923_KERNEL_ON_SL6_X.NASL", "SL_20191016_KERNEL_ON_SL7_X.NASL", "SL_20191113_KERNEL_ON_SL6_X.NASL", "SL_20191113_KERNEL_ON_SL7_X.NASL", "SL_20191114_KERNEL_ON_SL6_X.NASL", "SL_20191114_KERNEL_ON_SL7_X.NASL", "SL_20191205_KERNEL_ON_SL7_X.NASL", "SL_20191217_KERNEL_ON_SL6_X.NASL", "SL_20200422_KERNEL_ON_SL6_X.NASL", "SMB_NT_MS19_AUG_4512507.NASL", "SMB_NT_MS19_NOV_4523205.NASL", "SMB_NT_MS19_NOV_4524570.NASL", "SMB_NT_MS19_NOV_4525232.NASL", "SMB_NT_MS19_NOV_4525234.NASL", "SMB_NT_MS19_NOV_4525235.NASL", "SMB_NT_MS19_NOV_4525236.NASL", "SMB_NT_MS19_NOV_4525237.NASL", "SMB_NT_MS19_NOV_4525241.NASL", "SMB_NT_MS19_NOV_4525243.NASL", "SMB_NT_MS19_NOV_4525246.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2600-1.NASL", "SUSE_SU-2019-2601-1.NASL", "SUSE_SU-2019-2613-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2706-1.NASL", "SUSE_SU-2019-2710-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2829-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2948-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2954-1.NASL", "SUSE_SU-2019-2955-1.NASL", "SUSE_SU-2019-2956-1.NASL", "SUSE_SU-2019-2957-1.NASL", "SUSE_SU-2019-2958-1.NASL", "SUSE_SU-2019-2959-1.NASL", "SUSE_SU-2019-2960-1.NASL", "SUSE_SU-2019-2961-1.NASL", "SUSE_SU-2019-2962-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-2986-1.NASL", "SUSE_SU-2019-2987-1.NASL", "SUSE_SU-2019-2988-1.NASL", "SUSE_SU-2019-3091-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3228-1.NASL", "SUSE_SU-2019-3230-1.NASL", "SUSE_SU-2019-3232-1.NASL", "SUSE_SU-2019-3233-1.NASL", "SUSE_SU-2019-3237-1.NASL", "SUSE_SU-2019-3258-1.NASL", "SUSE_SU-2019-3260-1.NASL", "SUSE_SU-2019-3261-1.NASL", "SUSE_SU-2019-3263-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2019-3297-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3340-1.NASL", "SUSE_SU-2019-3348-1.NASL", "SUSE_SU-2019-3371-1.NASL", "SUSE_SU-2019-3381-1.NASL", "UBUNTU_USN-4093-1.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4117-1.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4135-1.NASL", "UBUNTU_USN-4144-1.NASL", "UBUNTU_USN-4145-1.NASL", "UBUNTU_USN-4147-1.NASL", "UBUNTU_USN-4157-1.NASL", "UBUNTU_USN-4157-2.NASL", "UBUNTU_USN-4162-1.NASL", "UBUNTU_USN-4163-1.NASL", "UBUNTU_USN-4182-1.NASL", "UBUNTU_USN-4182-3.NASL", "UBUNTU_USN-4183-1.NASL", "UBUNTU_USN-4183-2.NASL", "UBUNTU_USN-4184-1.NASL", "UBUNTU_USN-4184-2.NASL", "UBUNTU_USN-4185-1.NASL", "UBUNTU_USN-4185-3.NASL", "UBUNTU_USN-4186-1.NASL", "UBUNTU_USN-4186-3.NASL", "UBUNTU_USN-4208-1.NASL", "UBUNTU_USN-4210-1.NASL", "UBUNTU_USN-4211-1.NASL", "UBUNTU_USN-4342-1.NASL", "UBUNTU_USN-4344-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4346-1.NASL", "VIRTUOZZO_VZA-2019-089.NASL", "VMWARE_VMSA-2019-0020.NASL", "VMWARE_WORKSTATION_VMSA_2019_0021.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112644", "OPENVAS:1361412562310704484", "OPENVAS:1361412562310704531", "OPENVAS:1361412562310704564", "OPENVAS:1361412562310704565", "OPENVAS:1361412562310815431", "OPENVAS:1361412562310815432", "OPENVAS:1361412562310815433", "OPENVAS:1361412562310815434", "OPENVAS:1361412562310815435", "OPENVAS:1361412562310815436", "OPENVAS:1361412562310815437", "OPENVAS:1361412562310815438", "OPENVAS:1361412562310815439", "OPENVAS:1361412562310815720", "OPENVAS:1361412562310815722", "OPENVAS:1361412562310815834", "OPENVAS:1361412562310815835", "OPENVAS:1361412562310815836", "OPENVAS:1361412562310815837", "OPENVAS:1361412562310815839", "OPENVAS:1361412562310844131", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844158", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844182", "OPENVAS:1361412562310844191", "OPENVAS:1361412562310844192", "OPENVAS:1361412562310844194", "OPENVAS:1361412562310844203", "OPENVAS:1361412562310844208", "OPENVAS:1361412562310844209", "OPENVAS:1361412562310844210", "OPENVAS:1361412562310844229", "OPENVAS:1361412562310844230", "OPENVAS:1361412562310844231", "OPENVAS:1361412562310844233", "OPENVAS:1361412562310844234", "OPENVAS:1361412562310844235", "OPENVAS:1361412562310844236", "OPENVAS:1361412562310844256", "OPENVAS:1361412562310844257", "OPENVAS:1361412562310844258", "OPENVAS:1361412562310844263", "OPENVAS:1361412562310844274", "OPENVAS:1361412562310844277", "OPENVAS:1361412562310844364", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844409", "OPENVAS:1361412562310844410", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852737", "OPENVAS:1361412562310852750", "OPENVAS:1361412562310852771", "OPENVAS:1361412562310852772", "OPENVAS:1361412562310852773", "OPENVAS:1361412562310852774", "OPENVAS:1361412562310852777", "OPENVAS:1361412562310876583", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876744", "OPENVAS:1361412562310876747", "OPENVAS:1361412562310876749", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876751", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876811", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876842", "OPENVAS:1361412562310876868", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876870", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876930", "OPENVAS:1361412562310876939", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876993", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876996", "OPENVAS:1361412562310876997", "OPENVAS:1361412562310876998", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877000", "OPENVAS:1361412562310877001", "OPENVAS:1361412562310877045", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877081", "OPENVAS:1361412562310883113", "OPENVAS:1361412562310883115", "OPENVAS:1361412562310883117", "OPENVAS:1361412562310883131", "OPENVAS:1361412562310883133", "OPENVAS:1361412562310883134", "OPENVAS:1361412562310883135", "OPENVAS:1361412562310883139", "OPENVAS:1361412562310883220", "OPENVAS:1361412562310891862", "OPENVAS:1361412562310891863", "OPENVAS:1361412562310891884", "OPENVAS:1361412562310891885", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310891930", "OPENVAS:1361412562310891940", "OPENVAS:1361412562310891989", "OPENVAS:1361412562310891990", "OPENVAS:1361412562311220201269", "OPENVAS:1361412562311220201308", "OPENVAS:1361412562311220201342", "OPENVAS:1361412562311220201452", "OPENVAS:1361412562311220201536"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2411", "ELSA-2019-2703", "ELSA-2019-2827", "ELSA-2019-2829", "ELSA-2019-2863", "ELSA-2019-3055", "ELSA-2019-3832", "ELSA-2019-3834", "ELSA-2019-3836", "ELSA-2019-3871", "ELSA-2019-3872", "ELSA-2019-3878", "ELSA-2019-3979", "ELSA-2019-4256", "ELSA-2019-4746", "ELSA-2019-4789", "ELSA-2019-4799", "ELSA-2019-4800", "ELSA-2019-4808", "ELSA-2019-4810", "ELSA-2019-4820", "ELSA-2019-4836", "ELSA-2019-4837", "ELSA-2019-4838", "ELSA-2019-4839", "ELSA-2019-4850", "ELSA-2019-4854", "ELSA-2019-4855", "ELSA-2019-4867", "ELSA-2019-4868", "ELSA-2019-4870", "ELSA-2019-4871", "ELSA-2019-4872", "ELSA-2019-4878", "ELSA-2020-1016", "ELSA-2020-1116", "ELSA-2020-1524", "ELSA-2020-2082", "ELSA-2020-5676", "ELSA-2021-9459"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154957", "PACKETSTORM:156929"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0206", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0238", "PHSA-2019-1.0-0251", "PHSA-2019-1.0-0259", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0175", "PHSA-2019-2.0-0189", "PHSA-2019-2.0-0191", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0030", "PHSA-2019-3.0-0034", "PHSA-2019-3.0-0036", "PHSA-2020-1.0-0274", "PHSA-2020-1.0-0279", "PHSA-2020-2.0-0212", "PHSA-2020-3.0-0065"]}, {"type": "redhat", "idList": ["RHSA-2019:2405", "RHSA-2019:2411", "RHSA-2019:2829", "RHSA-2019:2830", "RHSA-2019:2854", "RHSA-2019:2863", "RHSA-2019:2864", "RHSA-2019:2865", "RHSA-2019:2866", "RHSA-2019:2867", "RHSA-2019:2869", "RHSA-2019:2889", "RHSA-2019:2899", "RHSA-2019:2901", "RHSA-2019:2924", "RHSA-2019:3832", "RHSA-2019:3833", "RHSA-2019:3834", "RHSA-2019:3836", "RHSA-2019:3837", "RHSA-2019:3838", "RHSA-2019:3840", "RHSA-2019:3842", "RHSA-2019:3843", "RHSA-2019:3860", "RHSA-2019:3870", "RHSA-2019:3877", "RHSA-2019:3887", "RHSA-2019:3889", "RHSA-2019:3908", "RHSA-2019:3936", "RHSA-2020:2082"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10906", "RH:CVE-2017-18595", "RH:CVE-2018-20976", "RH:CVE-2019-10220", "RH:CVE-2019-11135", "RH:CVE-2019-15215", "RH:CVE-2019-15221", "RH:CVE-2019-15291", "RH:CVE-2019-15807", "RH:CVE-2019-15902", "RH:CVE-2019-15926", "RH:CVE-2019-15927", "RH:CVE-2019-16232", "RH:CVE-2019-16233", "RH:CVE-2019-16234", "RH:CVE-2019-17666", "RH:CVE-2019-19338", "RH:CVE-2019-19339"]}, {"type": "slackware", "idList": ["SSA-2019-202-01", "SSA-2019-226-01", "SSA-2019-311-01", "SSA-2019-320-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2307-1", "OPENSUSE-SU-2019:2308-1", "OPENSUSE-SU-2019:2392-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2019:2503-1", "OPENSUSE-SU-2019:2504-1", "OPENSUSE-SU-2019:2505-1", "OPENSUSE-SU-2019:2506-1", "OPENSUSE-SU-2019:2507-1", "OPENSUSE-SU-2019:2509-1", "OPENSUSE-SU-2019:2510-1", "OPENSUSE-SU-2019:2527-1", "OPENSUSE-SU-2019:2528-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2019:2710-1"]}, {"type": "symantec", "idList": ["SMNTC-111292"]}, {"type": "talos", "idList": ["SAP"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E", "TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"]}, {"type": "thn", "idList": ["THN:2317E195EA00288327BADFBE0E5DBA9A", "THN:7C2166B58EF6EE65AF920B2CE0FD9845"]}, {"type": "threatpost", "idList": ["THREATPOST:0C3D5795D480495E2117878151D25765", "THREATPOST:25E72D5927161BC631CDDD38FB642431", "THREATPOST:62D876A38CF65F658A4E0332E90F521A", "THREATPOST:EA093948BFD7033F5C9DB5B3199BEED4"]}, {"type": "ubuntu", "idList": ["USN-4093-1", "USN-4094-1", "USN-4095-1", "USN-4115-1", "USN-4115-2", "USN-4117-1", "USN-4118-1", "USN-4135-1", "USN-4135-2", "USN-4144-1", "USN-4145-1", "USN-4147-1", "USN-4157-1", "USN-4157-2", "USN-4162-1", "USN-4162-2", "USN-4163-1", "USN-4163-2", "USN-4182-1", "USN-4182-2", "USN-4182-3", "USN-4182-4", "USN-4183-1", "USN-4183-2", "USN-4184-1", "USN-4184-2", "USN-4185-1", "USN-4185-2", "USN-4185-3", "USN-4186-1", "USN-4186-2", "USN-4186-3", "USN-4187-1", "USN-4188-1", "USN-4208-1", "USN-4210-1", "USN-4211-1", "USN-4211-2", "USN-4342-1", "USN-4344-1", "USN-4345-1", "USN-4346-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10906", "UB:CVE-2017-18509", "UB:CVE-2017-18551", "UB:CVE-2017-18595", "UB:CVE-2018-12207", "UB:CVE-2018-20976", "UB:CVE-2019-0154", "UB:CVE-2019-0155", "UB:CVE-2019-10220", "UB:CVE-2019-11135", "UB:CVE-2019-14814", "UB:CVE-2019-14815", "UB:CVE-2019-14816", "UB:CVE-2019-14821", "UB:CVE-2019-14835", "UB:CVE-2019-15098", "UB:CVE-2019-15211", "UB:CVE-2019-15212", "UB:CVE-2019-15214", "UB:CVE-2019-15215", "UB:CVE-2019-15216", "UB:CVE-2019-15217", "UB:CVE-2019-15218", "UB:CVE-2019-15219", "UB:CVE-2019-15220", "UB:CVE-2019-15221", "UB:CVE-2019-15239", "UB:CVE-2019-15291", "UB:CVE-2019-15505", "UB:CVE-2019-15666", "UB:CVE-2019-15807", "UB:CVE-2019-15902", "UB:CVE-2019-15924", "UB:CVE-2019-15926", "UB:CVE-2019-15927", "UB:CVE-2019-16232", "UB:CVE-2019-16233", "UB:CVE-2019-16234", "UB:CVE-2019-16413", "UB:CVE-2019-16995", "UB:CVE-2019-17055", "UB:CVE-2019-17056", "UB:CVE-2019-17133", "UB:CVE-2019-17666", "UB:CVE-2019-9456", "UB:CVE-2019-9506"]}, {"type": "virtuozzo", "idList": ["VZA-2019-074", "VZA-2019-086", "VZA-2019-088", "VZA-2019-089", "VZA-2020-036"]}, {"type": "vmware", "idList": ["VMSA-2019-0020"]}, {"type": "xen", "idList": ["XSA-304", "XSA-305"]}, {"type": "zdt", "idList": ["1337DAY-ID-32994", "1337DAY-ID-33027", "1337DAY-ID-33410", "1337DAY-ID-34151"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-10906", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2017-18379", "epss": 0.00551, "percentile": 0.74159, "modified": "2023-05-06"}, {"cve": "CVE-2017-18509", "epss": 0.002, "percentile": 0.56408, "modified": "2023-05-06"}, {"cve": "CVE-2017-18551", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2017-18595", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2018-12207", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2018-20976", "epss": 0.00046, "percentile": 0.14019, "modified": "2023-05-06"}, {"cve": "CVE-2019-0154", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2019-0155", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2019-10220", "epss": 0.0021, "percentile": 0.57447, "modified": "2023-05-06"}, {"cve": "CVE-2019-11135", "epss": 0.00049, "percentile": 0.15303, "modified": "2023-05-06"}, {"cve": "CVE-2019-13272", "epss": 0.00052, "percentile": 0.18044, "modified": "2023-05-06"}, {"cve": "CVE-2019-14814", "epss": 0.00045, "percentile": 0.1249, "modified": "2023-05-06"}, {"cve": "CVE-2019-14815", "epss": 0.0005, "percentile": 0.16349, "modified": "2023-05-06"}, {"cve": "CVE-2019-14816", "epss": 0.00045, "percentile": 0.1249, "modified": "2023-05-06"}, {"cve": "CVE-2019-14821", "epss": 0.00047, "percentile": 0.14348, "modified": "2023-05-06"}, {"cve": "CVE-2019-14835", "epss": 0.00069, "percentile": 0.28387, "modified": "2023-05-06"}, {"cve": "CVE-2019-15098", "epss": 0.00228, "percentile": 0.59545, "modified": "2023-05-06"}, {"cve": "CVE-2019-15211", "epss": 0.00117, "percentile": 0.44311, "modified": "2023-05-06"}, {"cve": "CVE-2019-15212", "epss": 0.00117, "percentile": 0.44311, "modified": "2023-05-06"}, {"cve": "CVE-2019-15214", "epss": 0.00096, "percentile": 0.38934, "modified": "2023-05-06"}, {"cve": "CVE-2019-15215", "epss": 0.00117, "percentile": 0.44311, "modified": "2023-05-06"}, {"cve": "CVE-2019-15216", "epss": 0.00097, "percentile": 0.39345, "modified": "2023-05-06"}, {"cve": "CVE-2019-15217", "epss": 0.00097, "percentile": 0.39345, "modified": "2023-05-06"}, {"cve": "CVE-2019-15218", "epss": 0.00127, "percentile": 0.45927, "modified": "2023-05-06"}, {"cve": "CVE-2019-15219", "epss": 0.00117, "percentile": 0.44311, "modified": "2023-05-06"}, {"cve": "CVE-2019-15220", "epss": 0.00097, "percentile": 0.39345, "modified": "2023-05-06"}, {"cve": "CVE-2019-15221", "epss": 0.00097, "percentile": 0.39345, "modified": "2023-05-06"}, {"cve": "CVE-2019-15239", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2019-15291", "epss": 0.00123, "percentile": 0.45307, "modified": "2023-05-06"}, {"cve": "CVE-2019-15505", "epss": 0.00318, "percentile": 0.65991, "modified": "2023-05-06"}, {"cve": "CVE-2019-15666", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2019-15807", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2019-15902", "epss": 0.00049, "percentile": 0.15302, "modified": "2023-05-06"}, {"cve": "CVE-2019-15924", "epss": 0.00076, "percentile": 0.30724, "modified": "2023-05-06"}, {"cve": "CVE-2019-15926", "epss": 0.01038, "percentile": 0.81732, "modified": "2023-05-06"}, {"cve": "CVE-2019-15927", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2019-16232", "epss": 0.00063, "percentile": 0.2547, "modified": "2023-05-06"}, {"cve": "CVE-2019-16233", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2019-16234", "epss": 0.00045, "percentile": 0.1211, "modified": "2023-05-06"}, {"cve": "CVE-2019-16413", "epss": 0.00393, "percentile": 0.69424, "modified": "2023-05-06"}, {"cve": "CVE-2019-16995", "epss": 0.00441, "percentile": 0.71069, "modified": "2023-05-06"}, {"cve": "CVE-2019-17055", "epss": 0.00049, "percentile": 0.15129, "modified": "2023-05-06"}, {"cve": "CVE-2019-17056", "epss": 0.0005, "percentile": 0.16987, "modified": "2023-05-06"}, {"cve": "CVE-2019-17133", "epss": 0.00576, "percentile": 0.74775, "modified": "2023-05-06"}, {"cve": "CVE-2019-17666", "epss": 0.00136, "percentile": 0.47662, "modified": "2023-05-06"}, {"cve": "CVE-2019-9456", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2019-9506", "epss": 0.00095, "percentile": 0.38753, "modified": "2023-05-06"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1685051796, "score": 1698838580, "epss": 0}, "_internal": {"score_hash": "942acd192c00869e170a6991289d5873"}, "pluginID": "130949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2949-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130949);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2016-10906\",\n \"CVE-2017-18379\",\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2018-12207\",\n \"CVE-2018-20976\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-9456\",\n \"CVE-2019-9506\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-13272\",\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15098\",\n \"CVE-2019-15211\",\n \"CVE-2019-15212\",\n \"CVE-2019-15214\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15218\",\n \"CVE-2019-15219\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15239\",\n \"CVE-2019-15290\",\n \"CVE-2019-15291\",\n \"CVE-2019-15505\",\n \"CVE-2019-15666\",\n \"CVE-2019-15807\",\n \"CVE-2019-15902\",\n \"CVE-2019-15924\",\n \"CVE-2019-15926\",\n \"CVE-2019-15927\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16413\",\n \"CVE-2019-16995\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12-SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as needed. More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a\nmemory leak in hsr_dev_finalize() if hsr_add_port failed to add a\nport, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs\nwith Transactional Memory support could be used to facilitate\nsidechannel information leaks out of microarchitectural buffers,\nsimilar to the previously described 'Microarchitectural Data Sampling'\nattack.\n\nThe Linux kernel was supplemented with the option to disable TSX\noperation altogether (requiring CPU Microcode updates on older\nsystems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check\nthe alloc_workqueue return value, leading to a NULL pointer\ndereference. (bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code\n(bsc#1154372).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID\nIE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17055: The AF_ISDN network module in the Linux kernel did not\nenforce CAP_NET_RAW, which meant that unprivileged users could create\na raw socket (bnc#1152782).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nCVE-2019-16413: The 9p filesystem did not protect i_size_write()\nproperly, which caused an i_size_read() infinite loop and denial of\nservice on SMP systems (bnc#1151347).\n\nCVE-2019-15902: A backporting issue was discovered that re-introduced\nthe Spectre vulnerability it had aimed to eliminate. This occurred\nbecause the backport process depends on cherry picking specific\ncommits, and because two (correctly ordered) code lines were swapped\n(bnc#1149376).\n\nCVE-2019-15291: Fixed a NULL pointer dereference issue that could be\ncaused by a malicious USB device (bnc#1146519).\n\nCVE-2019-15807: Fixed a memory leak in the SCSI module that could be\nabused to cause denial of service (bnc#1148938).\n\nCVE-2019-13272: Fixed a mishandled the recording of the credentials of\na process that wants to create a ptrace relationship, which allowed\nlocal users to obtain root access by leveraging certain scenarios with\na parent-child process relationship, where a parent drops privileges\nand calls execve (potentially allowing control by an attacker).\n(bnc#1140671).\n\nCVE-2019-14821: An out-of-bounds access issue was fixed in the\nkernel's KVM hypervisor. An unprivileged host user or process with\naccess to '/dev/kvm' device could use this flaw to crash the host\nkernel, resulting in a denial of service or potentially escalating\nprivileges on the system (bnc#1151350).\n\nCVE-2019-15505: An out-of-bounds issue had been fixed that could be\ncaused by crafted USB device traffic (bnc#1147122).\n\nCVE-2017-18595: A double free in allocate_trace_buffer was fixed\n(bnc#1149555).\n\nCVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost\nfunctionality that translates virtqueue buffers to IOVs. A privileged\nguest user able to pass descriptors with invalid length to the host\ncould use this flaw to increase their privileges on the host\n(bnc#1150112).\n\nCVE-2019-15216: A NULL pointer dereference was fixed that could be\nmalicious USB device (bnc#1146361).\n\nCVE-2019-15924: A a NULL pointer dereference has been fixed in the\ndrivers/net/ethernet/intel/fm10k module (bnc#1149612).\n\nCVE-2019-9456: An out-of-bounds write in the USB monitor driver has\nbeen fixed. This issue could lead to local escalation of privilege\nwith System execution privileges needed. (bnc#1150025).\n\nCVE-2019-15926: An out-of-bounds access was fixed in the\ndrivers/net/wireless/ath/ath6kl module. (bnc#1149527).\n\nCVE-2019-15927: An out-of-bounds access was fixed in the\nsound/usb/mixer module (bnc#1149522).\n\nCVE-2019-15666: There was an out-of-bounds array access in the\nnet/xfrm module that could cause denial of service (bnc#1148394).\n\nCVE-2017-18379: An out-of-boundary access was fixed in the\ndrivers/nvme/target module (bnc#1143187).\n\nCVE-2019-15219: A NULL pointer dereference was fixed that could be\nabused by a malicious USB device (bnc#1146519 1146524).\n\nCVE-2019-15220: A use-after-free issue was fixed that could be caused\nby a malicious USB device (bnc#1146519 1146526).\n\nCVE-2019-15221: A NULL pointer dereference was fixed that could be\ncaused by a malicious USB device (bnc#1146519 1146529).\n\nCVE-2019-14814: A heap-based buffer overflow was fixed in the marvell\nwifi chip driver. That issue allowed local users to cause a denial of\nservice (system crash) or possibly execute arbitrary code\n(bnc#1146512).\n\nCVE-2019-14815: A missing length check while parsing WMM IEs was fixed\n(bsc#1146512, bsc#1146514, bsc#1146516).\n\nCVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip\ndriver was fixed. Local users would have abused this issue to cause a\ndenial of service (system crash) or possibly execute arbitrary code\n(bnc#1146516).\n\nCVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific\nsocket option, an attacker could control a pointer in kernel land and\ncause an inet_csk_listen_stop general protection fault, or potentially\nexecute arbitrary code under certain circumstances. The issue can be\ntriggered as root (e.g., inside a default LXC container or with the\nCAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)\n\nCVE-2019-9506: The Bluetooth BR/EDR specification used to permit\nsufficiently low encryption key length and did not prevent an attacker\nfrom influencing the key length negotiation. This allowed practical\nbrute-force attacks (aka 'KNOB') that could decrypt traffic and inject\narbitrary ciphertext without the victim noticing (bnc#1137865).\n\nCVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath\nwas fixed (bnc#1146378).\n\nCVE-2019-15290: A NULL pointer dereference in\nath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).\n\nCVE-2019-15239: A incorrect patch to net/ipv4 was fixed. By adding to\na write queue between disconnection and re-connection, a local\nattacker could trigger multiple use-after-free conditions. This could\nresult in kernel crashes or potentially in privilege escalation.\n(bnc#1146589)\n\nCVE-2019-15212: A double-free issue was fixed in drivers/usb driver\n(bnc#1146391).\n\nCVE-2016-10906: A use-after-free issue was fixed in\ndrivers/net/ethernet/arc (bnc#1146584).\n\nCVE-2019-15211: A use-after-free issue caused by a malicious USB\ndevice was fixed in the drivers/media/v4l2-core driver (bnc#1146519).\n\nCVE-2019-15217: A a NULL pointer dereference issue caused by a\nmalicious USB device was fixed in the drivers/media/usb/zr364xx driver\n(bnc#1146519).\n\nCVE-2019-15214: An a use-after-free issue in the sound subsystem was\nfixed (bnc#1146519).\n\nCVE-2019-15218: A NULL pointer dereference caused by a malicious USB\ndevice was fixed in the drivers/media/usb/siano driver (bnc#1146413).\n\nCVE-2019-15215: A use-after-free issue caused by a malicious USB\ndevice was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).\n\nCVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver\n(bnc#1146285).\n\nCVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c\ndriver (bnc#1146163).\n\nCVE-2019-0154: An unprotected read access to i915 registers has been\nfixed that could have been abused to facilitate a local\ndenial-of-service attack. (bsc#1135966)\n\nCVE-2019-0155: A privilege escalation vulnerability has been fixed in\nthe i915 module that allowed batch buffers from user mode to gain\nsuper user privileges. (bsc#1135967)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1147022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1147122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10906/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18379/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18509/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18551/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18595/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20976/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14821/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15098/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15214/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15215/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15217/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15218/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15290/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15291/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15505/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15902/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15924/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15926/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15927/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16413/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16995/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17055/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9506/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7023735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b73bfe19\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2949=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2949=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2949=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2949=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2949=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2019-2949=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2949=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2949=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15505\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.107.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2949=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2949=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2949=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2949=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2949=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2019-2949=1\n\nSUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2019-2949=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.\n\nHPE Helion Openstack 8:zypper in -t patch HPE-Helion-OpenStack-8-2019-2949=1", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2019-15505", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2019-11-12T00:00:00", "vulnerabilityPublicationDate": "2019-07-17T00:00:00", "exploitableWith": ["Core Impact", "Metasploit(Linux Polkit pkexec helper PTRACE_TRACEME local root exploit)"]}
{"nessus": [{"lastseen": "2023-05-24T14:31:52", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nCVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347).\n\nCVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).\n\nCVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#1146519).\n\nCVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938).\n\nCVE-2019-13272: Fixed a mishandled the recording of the credentials of a process that wants to create a ptrace relationship, which allowed local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker).\n(bnc#1140671).\n\nCVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's kvm hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\nCVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122).\n\nCVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555).\n\nCVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112).\n\nCVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361).\n\nCVE-2019-15924: A a NULL pointer dereference has been fixed in the drivers/net/ethernet/intel/fm10k module (bnc#1149612).\n\nCVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025).\n\nCVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527).\n\nCVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522).\n\nCVE-2019-15666: There was an out-of-bounds array access in the net/xfrm module that could cause denial of service (bnc#1148394).\n\nCVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146519 1146524).\n\nCVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146519 1146526).\n\nCVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146519 1146529).\n\nCVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512).\n\nCVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516).\n\nCVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516).\n\nCVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)\n\nCVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865).\n\nCVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378).\n\nCVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).\n\nCVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391).\n\nCVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584).\n\nCVE-2019-15211: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/v4l2-core driver (bnc#1146519).\n\nCVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519).\n\nCVE-2019-15214: An a use-after-free issue in the sound subsystem was fixed (bnc#1146519).\n\nCVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413).\n\nCVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).\n\nCVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285).\n\nCVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966)\n\nCVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967)\n\nCVE-2019-16231: The fjes driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bnc#1150466)\n\nCVE-2019-18805: Fix signed integer overflow in tcp_ack_update_rtt() that could have lead to a denial of service or possibly unspecified other impact (bsc#1156187)\n\nCVE-2019-18680: A NULL pointer dereference in rds_tcp_kill_sock() could cause denial of service (bnc#1155898)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10906", "CVE-2017-18509", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-13272", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16231", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-16995", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18680", "CVE-2019-18805", "CVE-2019-9456", "CVE-2019-9506"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2984-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2984-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131120);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2016-10906\",\n \"CVE-2017-18509\",\n \"CVE-2017-18595\",\n \"CVE-2018-12207\",\n \"CVE-2018-20976\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-9456\",\n \"CVE-2019-9506\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-13272\",\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15098\",\n \"CVE-2019-15211\",\n \"CVE-2019-15212\",\n \"CVE-2019-15214\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15218\",\n \"CVE-2019-15219\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15290\",\n \"CVE-2019-15291\",\n \"CVE-2019-15505\",\n \"CVE-2019-15666\",\n \"CVE-2019-15807\",\n \"CVE-2019-15902\",\n \"CVE-2019-15924\",\n \"CVE-2019-15926\",\n \"CVE-2019-15927\",\n \"CVE-2019-16231\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16413\",\n \"CVE-2019-16995\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18680\",\n \"CVE-2019-18805\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as needed. More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a\nmemory leak in hsr_dev_finalize() if hsr_add_port failed to add a\nport, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs\nwith Transactional Memory support could be used to facilitate\nsidechannel information leaks out of microarchitectural buffers,\nsimilar to the previously described 'Microarchitectural Data Sampling'\nattack.\n\nThe Linux kernel was supplemented with the option to disable TSX\noperation altogether (requiring CPU Microcode updates on older\nsystems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check\nthe alloc_workqueue return value, leading to a NULL pointer\ndereference. (bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code\n(bsc#1154372).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID\nIE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17055: The AF_ISDN network module in the Linux kernel did not\nenforce CAP_NET_RAW, which meant that unprivileged users could create\na raw socket (bnc#1152782).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nCVE-2019-16413: The 9p filesystem did not protect i_size_write()\nproperly, which caused an i_size_read() infinite loop and denial of\nservice on SMP systems (bnc#1151347).\n\nCVE-2019-15902: A backporting issue was discovered that re-introduced\nthe Spectre vulnerability it had aimed to eliminate. This occurred\nbecause the backport process depends on cherry picking specific\ncommits, and because two (correctly ordered) code lines were swapped\n(bnc#1149376).\n\nCVE-2019-15291: Fixed a NULL pointer dereference issue that could be\ncaused by a malicious USB device (bnc#1146519).\n\nCVE-2019-15807: Fixed a memory leak in the SCSI module that could be\nabused to cause denial of service (bnc#1148938).\n\nCVE-2019-13272: Fixed a mishandled the recording of the credentials of\na process that wants to create a ptrace relationship, which allowed\nlocal users to obtain root access by leveraging certain scenarios with\na parent-child process relationship, where a parent drops privileges\nand calls execve (potentially allowing control by an attacker).\n(bnc#1140671).\n\nCVE-2019-14821: An out-of-bounds access issue was fixed in the\nkernel's kvm hypervisor. An unprivileged host user or process with\naccess to '/dev/kvm' device could use this flaw to crash the host\nkernel, resulting in a denial of service or potentially escalating\nprivileges on the system (bnc#1151350).\n\nCVE-2019-15505: An out-of-bounds issue had been fixed that could be\ncaused by crafted USB device traffic (bnc#1147122).\n\nCVE-2017-18595: A double free in allocate_trace_buffer was fixed\n(bnc#1149555).\n\nCVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost\nfunctionality that translates virtqueue buffers to IOVs. A privileged\nguest user able to pass descriptors with invalid length to the host\ncould use this flaw to increase their privileges on the host\n(bnc#1150112).\n\nCVE-2019-15216: A NULL pointer dereference was fixed that could be\nmalicious USB device (bnc#1146361).\n\nCVE-2019-15924: A a NULL pointer dereference has been fixed in the\ndrivers/net/ethernet/intel/fm10k module (bnc#1149612).\n\nCVE-2019-9456: An out-of-bounds write in the USB monitor driver has\nbeen fixed. This issue could lead to local escalation of privilege\nwith System execution privileges needed. (bnc#1150025).\n\nCVE-2019-15926: An out-of-bounds access was fixed in the\ndrivers/net/wireless/ath/ath6kl module. (bnc#1149527).\n\nCVE-2019-15927: An out-of-bounds access was fixed in the\nsound/usb/mixer module (bnc#1149522).\n\nCVE-2019-15666: There was an out-of-bounds array access in the\nnet/xfrm module that could cause denial of service (bnc#1148394).\n\nCVE-2019-15219: A NULL pointer dereference was fixed that could be\nabused by a malicious USB device (bnc#1146519 1146524).\n\nCVE-2019-15220: A use-after-free issue was fixed that could be caused\nby a malicious USB device (bnc#1146519 1146526).\n\nCVE-2019-15221: A NULL pointer dereference was fixed that could be\ncaused by a malicious USB device (bnc#1146519 1146529).\n\nCVE-2019-14814: A heap-based buffer overflow was fixed in the marvell\nwifi chip driver. That issue allowed local users to cause a denial of\nservice (system crash) or possibly execute arbitrary code\n(bnc#1146512).\n\nCVE-2019-14815: A missing length check while parsing WMM IEs was fixed\n(bsc#1146512, bsc#1146514, bsc#1146516).\n\nCVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip\ndriver was fixed. Local users would have abused this issue to cause a\ndenial of service (system crash) or possibly execute arbitrary code\n(bnc#1146516).\n\nCVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific\nsocket option, an attacker could control a pointer in kernel land and\ncause an inet_csk_listen_stop general protection fault, or potentially\nexecute arbitrary code under certain circumstances. The issue can be\ntriggered as root (e.g., inside a default LXC container or with the\nCAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)\n\nCVE-2019-9506: The Bluetooth BR/EDR specification used to permit\nsufficiently low encryption key length and did not prevent an attacker\nfrom influencing the key length negotiation. This allowed practical\nbrute-force attacks (aka 'KNOB') that could decrypt traffic and inject\narbitrary ciphertext without the victim noticing (bnc#1137865).\n\nCVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath\nwas fixed (bnc#1146378).\n\nCVE-2019-15290: A NULL pointer dereference in\nath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).\n\nCVE-2019-15212: A double-free issue was fixed in drivers/usb driver\n(bnc#1146391).\n\nCVE-2016-10906: A use-after-free issue was fixed in\ndrivers/net/ethernet/arc (bnc#1146584).\n\nCVE-2019-15211: A use-after-free issue caused by a malicious USB\ndevice was fixed in the drivers/media/v4l2-core driver (bnc#1146519).\n\nCVE-2019-15217: A a NULL pointer dereference issue caused by a\nmalicious USB device was fixed in the drivers/media/usb/zr364xx driver\n(bnc#1146519).\n\nCVE-2019-15214: An a use-after-free issue in the sound subsystem was\nfixed (bnc#1146519).\n\nCVE-2019-15218: A NULL pointer dereference caused by a malicious USB\ndevice was fixed in the drivers/media/usb/siano driver (bnc#1146413).\n\nCVE-2019-15215: A use-after-free issue caused by a malicious USB\ndevice was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).\n\nCVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver\n(bnc#1146285).\n\nCVE-2019-0154: An unprotected read access to i915 registers has been\nfixed that could have been abused to facilitate a local\ndenial-of-service attack. (bsc#1135966)\n\nCVE-2019-0155: A privilege escalation vulnerability has been fixed in\nthe i915 module that allowed batch buffers from user mode to gain\nsuper user privileges. (bsc#1135967)\n\nCVE-2019-16231: The fjes driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bnc#1150466)\n\nCVE-2019-18805: Fix signed integer overflow in tcp_ack_update_rtt()\nthat could have lead to a denial of service or possibly unspecified\nother impact (bsc#1156187)\n\nCVE-2019-18680: A NULL pointer dereference in rds_tcp_kill_sock()\ncould cause denial of service (bnc#1155898)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1147122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10906/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18509/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18595/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20976/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14821/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15098/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15214/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15215/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15217/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15218/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15290/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15291/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15505/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15902/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15924/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15926/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15927/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16231/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16413/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16995/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17055/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18680/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9506/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7023735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09019f04\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2984=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2984=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2984=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2984=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2019-2984=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15505\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.125.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.125.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.125.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.125.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.125.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.125.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.125.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.125.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T16:41:16", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:\nAborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233:\ndrivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nCVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347).\n\nCVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).\n\nCVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#11465).\n\nCVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938).\n\nCVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's KVM hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\nCVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122).\n\nCVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555).\n\nCVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112).\n\nCVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361).\n\nCVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025).\n\nCVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527).\n\nCVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522).\n\nCVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146524).\n\nCVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146526).\n\nCVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146529).\n\nCVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512).\n\nCVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516).\n\nCVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516).\n\nCVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)\n\nCVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865).\n\nCVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378).\n\nCVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).\n\nCVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391).\n\nCVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584).\n\nCVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519).\n\nCVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413).\n\nCVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).\n\nCVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285).\n\nCVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c driver (bnc#1146163).\n\nCVE-2019-10207: Add checks for missing tty operations to prevent unprivileged user to execute 0x0 address (bsc#1142857 bsc#1123959)\n\nCVE-2019-15118: ALSA: usb-audio: Fix a stack-based buffer overflow bug in check_input_term leading to kernel stack exhaustion (bsc#1145922).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10906", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-10207", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-11477", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15118", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-9456", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2950-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2950-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130950);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2016-10906\",\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2018-12207\",\n \"CVE-2018-20976\",\n \"CVE-2019-10207\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-11477\",\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15098\",\n \"CVE-2019-15118\",\n \"CVE-2019-15212\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15218\",\n \"CVE-2019-15219\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15290\",\n \"CVE-2019-15291\",\n \"CVE-2019-15505\",\n \"CVE-2019-15807\",\n \"CVE-2019-15902\",\n \"CVE-2019-15926\",\n \"CVE-2019-15927\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16413\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-9456\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nThe Linux Kernel KVM hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as needed. More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:\nAborting an asynchronous TSX operation on Intel CPUs with\nTransactional Memory support could be used to facilitate sidechannel\ninformation leaks out of microarchitectural buffers, similar to the\npreviously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX\noperation altogether (requiring CPU Microcode updates on older\nsystems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233:\ndrivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return\nvalue, leading to a NULL pointer dereference. (bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17055: The AF_ISDN network module in the Linux kernel did not\nenforce CAP_NET_RAW, which meant that unprivileged users could create\na raw socket (bnc#1152782).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nCVE-2019-16413: The 9p filesystem did not protect i_size_write()\nproperly, which caused an i_size_read() infinite loop and denial of\nservice on SMP systems (bnc#1151347).\n\nCVE-2019-15902: A backporting issue was discovered that re-introduced\nthe Spectre vulnerability it had aimed to eliminate. This occurred\nbecause the backport process depends on cherry picking specific\ncommits, and because two (correctly ordered) code lines were swapped\n(bnc#1149376).\n\nCVE-2019-15291: Fixed a NULL pointer dereference issue that could be\ncaused by a malicious USB device (bnc#11465).\n\nCVE-2019-15807: Fixed a memory leak in the SCSI module that could be\nabused to cause denial of service (bnc#1148938).\n\nCVE-2019-14821: An out-of-bounds access issue was fixed in the\nkernel's KVM hypervisor. An unprivileged host user or process with\naccess to '/dev/kvm' device could use this flaw to crash the host\nkernel, resulting in a denial of service or potentially escalating\nprivileges on the system (bnc#1151350).\n\nCVE-2019-15505: An out-of-bounds issue had been fixed that could be\ncaused by crafted USB device traffic (bnc#1147122).\n\nCVE-2017-18595: A double free in allocate_trace_buffer was fixed\n(bnc#1149555).\n\nCVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost\nfunctionality that translates virtqueue buffers to IOVs. A privileged\nguest user able to pass descriptors with invalid length to the host\ncould use this flaw to increase their privileges on the host\n(bnc#1150112).\n\nCVE-2019-15216: A NULL pointer dereference was fixed that could be\nmalicious USB device (bnc#1146361).\n\nCVE-2019-9456: An out-of-bounds write in the USB monitor driver has\nbeen fixed. This issue could lead to local escalation of privilege\nwith System execution privileges needed. (bnc#1150025).\n\nCVE-2019-15926: An out-of-bounds access was fixed in the\ndrivers/net/wireless/ath/ath6kl module. (bnc#1149527).\n\nCVE-2019-15927: An out-of-bounds access was fixed in the\nsound/usb/mixer module (bnc#1149522).\n\nCVE-2019-15219: A NULL pointer dereference was fixed that could be\nabused by a malicious USB device (bnc#1146524).\n\nCVE-2019-15220: A use-after-free issue was fixed that could be caused\nby a malicious USB device (bnc#1146526).\n\nCVE-2019-15221: A NULL pointer dereference was fixed that could be\ncaused by a malicious USB device (bnc#1146529).\n\nCVE-2019-14814: A heap-based buffer overflow was fixed in the marvell\nwifi chip driver. That issue allowed local users to cause a denial of\nservice (system crash) or possibly execute arbitrary code\n(bnc#1146512).\n\nCVE-2019-14815: A missing length check while parsing WMM IEs was fixed\n(bsc#1146512, bsc#1146514, bsc#1146516).\n\nCVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip\ndriver was fixed. Local users would have abused this issue to cause a\ndenial of service (system crash) or possibly execute arbitrary code\n(bnc#1146516).\n\nCVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific\nsocket option, an attacker could control a pointer in kernel land and\ncause an inet_csk_listen_stop general protection fault, or potentially\nexecute arbitrary code under certain circumstances. The issue can be\ntriggered as root (e.g., inside a default LXC container or with the\nCAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)\n\nCVE-2019-9506: The Bluetooth BR/EDR specification used to permit\nsufficiently low encryption key length and did not prevent an attacker\nfrom influencing the key length negotiation. This allowed practical\nbrute-force attacks (aka 'KNOB') that could decrypt traffic and inject\narbitrary ciphertext without the victim noticing (bnc#1137865).\n\nCVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath\nwas fixed (bnc#1146378).\n\nCVE-2019-15290: A NULL pointer dereference in\nath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).\n\nCVE-2019-15212: A double-free issue was fixed in drivers/usb driver\n(bnc#1146391).\n\nCVE-2016-10906: A use-after-free issue was fixed in\ndrivers/net/ethernet/arc (bnc#1146584).\n\nCVE-2019-15217: A a NULL pointer dereference issue caused by a\nmalicious USB device was fixed in the drivers/media/usb/zr364xx driver\n(bnc#1146519).\n\nCVE-2019-15218: A NULL pointer dereference caused by a malicious USB\ndevice was fixed in the drivers/media/usb/siano driver (bnc#1146413).\n\nCVE-2019-15215: A use-after-free issue caused by a malicious USB\ndevice was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).\n\nCVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver\n(bnc#1146285).\n\nCVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c\ndriver (bnc#1146163).\n\nCVE-2019-10207: Add checks for missing tty operations to prevent\nunprivileged user to execute 0x0 address (bsc#1142857 bsc#1123959)\n\nCVE-2019-15118: ALSA: usb-audio: Fix a stack-based buffer overflow bug\nin check_input_term leading to kernel stack exhaustion (bsc#1145922).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1147122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=999278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10906/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18509/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18551/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18595/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20976/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14821/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15098/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15118/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15215/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15217/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15218/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15290/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15291/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15505/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15902/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15926/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15927/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16413/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17055/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9506/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7023735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00e1d55f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2950=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2950=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2019-2950=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_124-default-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_124-xen-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.124.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.124.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:47", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14218-1 advisory.\n\n - An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. (CVE-2017-18509)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. (CVE-2019-10220)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. (CVE-2019-15118)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (CVE-2019-15212)\n\n - An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (CVE-2019-15216)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (CVE-2019-15219)\n\n - An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.\n (CVE-2019-15291)\n\n - An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.\n (CVE-2019-15292)\n\n - drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). (CVE-2019-15505)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. (CVE-2019-15902)\n\n - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)\n\n - drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16232)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16234)\n\n - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.\n (CVE-2019-16413)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. (CVE-2019-17052)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. (CVE-2019-17054)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9456)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14218-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18509", "CVE-2017-18551", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15118", "CVE-2019-15212", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15219", "CVE-2019-15291", "CVE-2019-15292", "CVE-2019-15505", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17133", "CVE-2019-9456"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigmem", "p-cpe:/a:novell:suse_linux:kernel-bigmem-base", "p-cpe:/a:novell:suse_linux:kernel-bigmem-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-ppc64", "p-cpe:/a:novell:suse_linux:kernel-ppc64-base", "p-cpe:/a:novell:suse_linux:kernel-ppc64-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14218-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150533", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14218-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150533);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2018-12207\",\n \"CVE-2018-20976\",\n \"CVE-2019-9456\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15118\",\n \"CVE-2019-15212\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15219\",\n \"CVE-2019-15291\",\n \"CVE-2019-15292\",\n \"CVE-2019-15505\",\n \"CVE-2019-15807\",\n \"CVE-2019-15902\",\n \"CVE-2019-15927\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16413\",\n \"CVE-2019-17052\",\n \"CVE-2019-17053\",\n \"CVE-2019-17054\",\n \"CVE-2019-17055\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14218-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14218-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14218-1 advisory.\n\n - An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket\n option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general\n protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be\n triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after\n namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of\n the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before\n 4.9.187. (CVE-2017-18509)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an\n out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to potentially enable denial of service of the host system via\n local access. (CVE-2018-12207)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists,\n related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory\n entry lists. (CVE-2019-10220)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to\n kernel stack exhaustion. (CVE-2019-15118)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB\n device in the drivers/usb/misc/rio500.c driver. (CVE-2019-15212)\n\n - An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/usb/misc/yurex.c driver. (CVE-2019-15216)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (CVE-2019-15219)\n\n - An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a\n malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.\n (CVE-2019-15291)\n\n - An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit,\n related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.\n (CVE-2019-15292)\n\n - drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via\n crafted USB device traffic (which may be remote via usbip or usbredir). (CVE-2019-15505)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x\n through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the\n upstream x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() commit reintroduced the Spectre\n vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry\n picking specific commits, and because two (correctly ordered) code lines were swapped. (CVE-2019-15902)\n\n - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function\n build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)\n\n - drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the\n alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16232)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the\n alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16234)\n\n - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write()\n properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.\n (CVE-2019-16413)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2\n does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-0614e2b73768. (CVE-2019-17052)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2\n does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-6cc03e8aa36c. (CVE-2019-17054)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a\n long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation. (CVE-2019-9456)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/802154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/936875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1101061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1113201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1145477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1145922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1147122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1148938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1149376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1149522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1150025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1150112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1150599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1151347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1151350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1155671\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-November/006135.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a4cd4f8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9456\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15505\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'kernel-default-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.108', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.108', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.108', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.108', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:38:03", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:\nAborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-0154: Fix a local denial of service via read of unprotected i915 registers.\n(bsc#1135966)\n\nCVE-2019-0155: Fix privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967)\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nCVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465)\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2946-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo"], "id": "SUSE_SU-2019-2946-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2946-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130946);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16995\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2946-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as needed. More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:\nAborting an asynchronous TSX operation on Intel CPUs with\nTransactional Memory support could be used to facilitate sidechannel\ninformation leaks out of microarchitectural buffers, similar to the\npreviously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX\noperation altogether (requiring CPU Microcode updates on older\nsystems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-0154: Fix a\nlocal denial of service via read of unprotected i915 registers.\n(bsc#1135966)\n\nCVE-2019-0155: Fix privilege escalation in the i915 driver. Batch\nbuffers from usermode could have escalated privileges via blitter\ncommand stream. (bsc#1135967)\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the\nalloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nCVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if\nhsr_add_port failed to add a port, which may have caused denial of\nservice (bsc#1152685).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code\n(bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465)\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID\nIE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16995/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7023735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2c4ec3a\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-2946=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2946=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-2946=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-2946=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-2946=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2946=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2019-2946=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.41.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:38:41", "description": "The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:\nAborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-base", "p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-debug-devel", "p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-vanilla", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man"], "id": "SUSE_SU-2019-2947-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2947-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130947);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16995\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as needed. More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:\nAborting an asynchronous TSX operation on Intel CPUs with\nTransactional Memory support could be used to facilitate sidechannel\ninformation leaks out of microarchitectural buffers, similar to the\npreviously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable\nTSX operation altogether (requiring CPU Microcode updates on\nolder systems) and better flushing of microarchitectural\nbuffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251\nCVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if\nhsr_add_port failed to add a port, which may have caused\ndenial of service (bsc#1152685).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the\nalloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code\n(bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID\nIE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=802154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=814594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=919448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=987367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=998153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16995/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7023735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f4bae99\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch\nSUSE-SLE-Product-WE-15-SP1-2019-2947=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2947=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2947=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Legacy-15-SP1-2019-2947=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2947=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2947=1\n\nSUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch\nSUSE-SLE-Product-HA-15-SP1-2019-2947=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.26.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:50", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\nCVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\nCVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation.\nThis allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042).\n\nCVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465).\n\nCVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452).\n\nCVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788).\n\nCVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).\n\nCVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-01T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18595", "CVE-2019-14821", "CVE-2019-15291", "CVE-2019-16232", "CVE-2019-16234", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130452", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2879-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130452);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2017-18595\",\n \"CVE-2019-9506\",\n \"CVE-2019-14821\",\n \"CVE-2019-15291\",\n \"CVE-2019-16232\",\n \"CVE-2019-16234\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2879-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2017-18595: A double free may be caused by the function\nallocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way\nLinux kernel's KVM hypervisor implements the coalesced MMIO write\noperation. It operates on an MMIO ring buffer 'struct\nkvm_coalesced_mmio' object, wherein write indices 'ring->first' and\n'ring->last' value could be supplied by a host user-space process. An\nunprivileged host user or process with access to '/dev/kvm' device\ncould use this flaw to crash the host kernel, resulting in a denial of\nservice or potentially escalating privileges on the system\n(bnc#1151350).\n\nCVE-2019-15291: There was a NULL pointer dereference caused by a\nmalicious USB device in the flexcop_usb_probe function in the\ndrivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\nCVE-2019-9506: The Bluetooth BR/EDR specification up to and including\nversion 5.1 permitted sufficiently low encryption key length and did\nnot prevent an attacker from influencing the key length negotiation.\nThis allowed practical brute-force attacks (aka 'KNOB') that could\ndecrypt traffic and injected arbitrary ciphertext without the victim\nnoticing (bnc#1137865 bnc#1146042).\n\nCVE-2019-16232: Fixed a NULL pointer dereference in\ndrivers/net/wireless/marvell/libertas/if_sdio.c, which did not check\nthe alloc_workqueue return value (bnc#1150465).\n\nCVE-2019-16234: Fixed a NULL pointer dereference in\ndrivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check\nthe alloc_workqueue return value (bnc#1150452).\n\nCVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create\nin net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which\nallowed unprivileged users to create a raw socket, aka\nCID-3a359798b176 (bnc#1152788).\n\nCVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid\nin net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).\n\nCVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in\ndrivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could\nhave led to a buffer overflow (bnc#1154372).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18595/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14821/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15291/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9506/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192879-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?23636ee0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-2879=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2879=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2879=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-2879=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2019-2879=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2879=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.12.14-95.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-4.12.14-95.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:38:41", "description": "The SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 (bnc#1117665 1152505 1155812 1155817 1155945) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW).\n\nThe set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 (bnc#1139073 1152497 1152505 1152506). CVE-2019-18805: There was a signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187).\n\nCVE-2019-17055: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782).\n\nCVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18805"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2953-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130951", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2953-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130951);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16995\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18805\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nThe Linux Kernel kvm hypervisor was adjusted to avoid page size\nchanges in executable pages by splitting / merging huge pages into\nsmall pages as More information can be found on\nhttps://www.suse.com/support/kb/doc/?id=7023735 (bnc#1117665 1152505\n1155812 1155817 1155945) CVE-2019-11135: Aborting an asynchronous TSX\noperation on Intel CPUs with Transactional Memory support could be\nused to facilitate sidechannel information leaks out of\nmicroarchitectural buffers, similar to the previously described\n'Microarchitectural Data Sampling' attack.\n\nThe Linux kernel was supplemented with the option to disable\nTSX operation altogether (requiring CPU Microcode updates on\nolder systems) and better flushing of microarchitectural\nbuffers (VERW).\n\nThe set of options available is described in our TID at\nhttps://www.suse.com/support/kb/doc/?id=7024251 (bnc#1139073\n1152497 1152505 1152506). CVE-2019-18805: There was a signed\ninteger overflow in tcp_ack_update_rtt() when userspace\nwrites a very large integer to\n/proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of\nservice or possibly unspecified other impact, aka\nCID-19fad20d15a6 (bnc#1156187).\n\nCVE-2019-17055: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bnc#1152782).\n\nCVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if\nhsr_add_port failed to add a port, which may have caused denial of\nservice (bsc#1152685).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the\nalloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903).\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code\n(bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID\nIE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=919448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=987367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=998153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16995/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17055/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7023735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6873dc02\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2953=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-6.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-6.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:45", "description": "The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448).\n\nCVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966).\n\nCVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967).\n\nCVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466).\n\nCVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187).\n\nCVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782).\n\nCVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685).\n\nCVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.(bsc#1139073). The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903)\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).\n\nCVE-2019-15291: Fixed a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function (bsc#1146519).\n\nCVE-2019-14821: Fixed an out-of-bounds access resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\nCVE-2017-18595: Fixed a double free which caused by the function allocate_trace_buffer (bsc#1149555).\n\nCVE-2019-9506: Fixed an issue with Bluetooth which permited low encryption key length and did not prevent an attacker from influencing the key length negotiation allowing brute-force attacks (bsc#1137865).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18595", "CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-14821", "CVE-2019-15291", "CVE-2019-15916", "CVE-2019-16231", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-extra", "p-cpe:/a:novell:suse_linux:kernel-rt-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-base", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-3295-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132071", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3295-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132071);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2017-18595\",\n \"CVE-2018-12207\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-9506\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-14821\",\n \"CVE-2019-15291\",\n \"CVE-2019-15916\",\n \"CVE-2019-16231\",\n \"CVE-2019-16232\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16995\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18805\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which\nmight have led denial of service (bsc#1149448).\n\nCVE-2019-0154: Fixed an improper access control in subsystem for Intel\n(R) processor graphics whichs may have allowed an authenticated user\nto potentially enable denial of service via local access\n(bsc#1135966).\n\nCVE-2019-0155: Fixed an improper access control in subsystem for Intel\n(R) processor graphics whichs may have allowed an authenticated user\nto potentially enable escalation of privilege via local access\n(bsc#1135967).\n\nCVE-2019-16231: Fixed a NULL pointer dereference due to lack of\nchecking the alloc_workqueue return value (bsc#1150466).\n\nCVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt()\nleading to a denial of service or possibly unspecified other impact\n(bsc#1156187).\n\nCVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to\nrestrict unprivileged users to create a raw socket (bsc#1152782).\n\nCVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may\nhave caused denial of service (bsc#1152685).\n\nCVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs\nwith Transactional Memory support could be used to facilitate\nsidechannel information leaks out of microarchitectural buffers,\nsimilar to the previously described 'Microarchitectural Data Sampling'\nattack.(bsc#1139073). The Linux kernel was supplemented with the\noption to disable TSX operation altogether (requiring CPU Microcode\nupdates on older systems) and better flushing of microarchitectural\nbuffers (VERW). The set of options available is described in our TID\nat https://www.suse.com/support/kb/doc/?id=7024251\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the\nalloc_workqueue return value, leading to a NULL pointer dereference.\n(bsc#1150457).\n\nCVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit\na race condition in the Instruction Fetch Unit of the Intel CPU to\ncause a Machine Exception during Page Size Change, causing the CPU\ncore to be non-functional.\n\nCVE-2019-10220: Added sanity checks on the pathnames passed to the\nuser space. (bsc#1144903)\n\nCVE-2019-17666: rtlwifi: Fix potential overflow in P2P code\n(bsc#1154372).\n\nCVE-2019-16232: Fix a potential NULL pointer dereference in the\nMarwell libertas driver (bsc#1150465).\n\nCVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue\nreturn value, leading to a NULL pointer dereference. (bsc#1150452).\n\nCVE-2019-17133: cfg80211 wireless extension did not reject a long SSID\nIE, leading to a Buffer Overflow (bsc#1153158).\n\nCVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,\nwhich meant that unprivileged users could create a raw socket\n(bsc#1152788).\n\nCVE-2019-15291: Fixed a NULL pointer dereference caused by a malicious\nUSB device in the flexcop_usb_probe function (bsc#1146519).\n\nCVE-2019-14821: Fixed an out-of-bounds access resulting in a denial of\nservice or potentially escalating privileges on the system\n(bnc#1151350).\n\nCVE-2017-18595: Fixed a double free which caused by the function\nallocate_trace_buffer (bsc#1149555).\n\nCVE-2019-9506: Fixed an issue with Bluetooth which permited low\nencryption key length and did not prevent an attacker from influencing\nthe key length negotiation allowing brute-force attacks (bsc#1137865).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18595/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14821/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15291/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15916/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16231/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16234/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16995/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17055/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17666/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9506/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/support/kb/doc/?id=7024251\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93d68aa5\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1:zypper in -t patch\nSUSE-SLE-Module-RT-15-SP1-2019-3295=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3295=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-devel-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-devel-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-devel-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-devel-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-debuginfo-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-4.12.14-14.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.14.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:59", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-16995: A memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c. if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685).\n\n - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457).\n\n - CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c lacked a certain upper-bound check, leading to a buffer overflow (bnc#1154372).\n\n - CVE-2019-16232:\n drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465).\n\n - CVE-2019-16234:\n drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452).\n\n - CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158).\n\n - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788).\n\nThe following non-security bugs were fixed :\n\n - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510).\n\n - ACPI / CPPC: do not require the _PSD method (bsc#1051510).\n\n - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510).\n\n - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510).\n\n - act_mirred: Fix mirred_init_module error handling (bsc#1051510).\n\n - Add Acer Aspire Ethos 8951G model quirk (bsc#1051510).\n\n - Add kernel module compression support (bsc#1135854)\n\n - ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker (bsc#1051510).\n\n - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).\n\n - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510).\n\n - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510).\n\n - ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510).\n\n - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510).\n\n - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510).\n\n - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510).\n\n - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510).\n\n - ALSA: hda: Flush interrupts on disabling (bsc#1051510).\n\n - ALSA: hda - Force runtime PM on Nvidia HDMI codecs (bsc#1051510).\n\n - ALSA: hda/hdmi - Do not report spurious jack state changes (bsc#1051510).\n\n - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510).\n\n - ALSA: hda - Inform too slow responses (bsc#1051510).\n\n - ALSA: hda/realtek - Add support for ALC711 (bsc#1051510).\n\n - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510).\n\n - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510).\n\n - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA (bsc#1051510).\n\n - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510).\n\n - ALSA: hda/realtek - PCI quirk for Medion E4254 (bsc#1051510).\n\n - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510).\n\n - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510).\n\n - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510).\n\n - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510).\n\n - ALSA: i2c: ak4xxx-adda: Fix a possible NULL pointer dereference in build_adc_controls() (bsc#1051510).\n\n - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510).\n\n - ALSA: usb-audio: Add DSD support for EVGA NU Audio (bsc#1051510).\n\n - ALSA: usb-audio: Add Hiby device family to quirks for native DSD support (bsc#1051510).\n\n - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510).\n\n - ALSA: usb-audio: Clean up check_input_term() (bsc#1051510).\n\n - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510).\n\n - ALSA: usb-audio: DSD auto-detection for Playback Designs (bsc#1051510).\n\n - ALSA: usb-audio: fix PCM device order (bsc#1051510).\n\n - ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk() (bsc#1051510).\n\n - ALSA: usb-audio: More validations of descriptor units (bsc#1051510).\n\n - ALSA: usb-audio: remove some dead code (bsc#1051510).\n\n - ALSA: usb-audio: Remove superfluous bLength checks (bsc#1051510).\n\n - ALSA: usb-audio: Simplify parse_audio_unit() (bsc#1051510).\n\n - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510).\n\n - ALSA: usb-audio: Unify audioformat release code (bsc#1051510).\n\n - ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects (bsc#1051510).\n\n - ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel (bsc#1051510).\n\n - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30).\n\n - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510).\n\n - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510).\n\n - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510).\n\n - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).\n\n - ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).\n\n - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510).\n\n - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510).\n\n - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510).\n\n - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - Blacklist 'signal: Correct namespace fixups of si_pid and si_uid' (bsc#1142667)\n\n - blk-wbt: abstract out end IO completion handler (bsc#1135873).\n\n - blk-wbt: fix has-sleeper queueing check (bsc#1135873).\n\n - blk-wbt: improve waking of tasks (bsc#1135873).\n\n - blk-wbt: move disable check into get_limit() (bsc#1135873).\n\n - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout handler (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout handler (bsc#1148410).\n\n - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510).\n\n - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ).\n\n - bnxt_en: Add PCI IDs for 57500 series NPAR devices (bsc#1153607).\n\n - bpf: fix use after free in prog symbol exposure (bsc#1083647).\n\n - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15).\n\n - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646).\n\n - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178).\n\n - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713).\n\n - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651).\n\n - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607).\n\n - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179).\n\n - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651).\n\n - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).\n\n - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184).\n\n - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510).\n\n - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510).\n\n - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15).\n\n - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510).\n\n - ceph: fix directories inode i_blkbits initialization (bsc#1153717).\n\n - ceph: reconnect connection if session hang in opening state (bsc#1153718).\n\n - ceph: update the mtime when truncating up (bsc#1153719).\n\n - cfg80211: add and use strongly typed element iteration macros (bsc#1051510).\n\n - cfg80211: Purge frame registrations on iftype change (bsc#1051510).\n\n - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510).\n\n - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).\n\n - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510).\n\n - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510).\n\n - crypto: af_alg - consolidation of duplicate code (bsc#1154737).\n\n - crypto: af_alg - fix race accessing cipher request (bsc#1154737).\n\n - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737).\n\n - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510).\n\n - crypto: af_alg - remove locking in async callback (bsc#1154737).\n\n - crypto: af_alg - update correct dst SGL entry (bsc#1051510).\n\n - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737).\n\n - crypto: algif_aead - copy AAD from src to dst (bsc#1154737).\n\n - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737).\n\n - crypto: algif_aead - overhaul memory management (bsc#1154737).\n\n - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737).\n\n - crypto: algif - return error code when no data was processed (bsc#1154737).\n\n - crypto: algif_skcipher - overhaul memory management (bsc#1154737).\n\n - crypto: talitos - fix missing break in switch statement (bsc#1142635).\n\n - cxgb4: do not dma memory off of the stack (bsc#1152790).\n\n - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129).\n\n - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05).\n\n - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129).\n\n - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513).\n\n - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).\n\n - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129).\n\n - dasd_fba: Display '00000000' for zero page when dumping sense\n\n - /dev/mem: Bail out upon SIGKILL (git-fixes).\n\n - drm: add __user attribute to ptr_to_compat() (bsc#1111666).\n\n - drm/amd/display: fix issue where 252-255 values are clipped (bsc#1111666).\n\n - drm/amd/display: reprogram VM config when system resume (bsc#1111666).\n\n - drm/amd/display: Restore backlight brightness after system resume (bsc#1112178)\n\n - drm/amd/display: support spdif (bsc#1111666).\n\n - drm/amd/dm: Understand why attaching path/tile properties are needed (bsc#1111666).\n\n - drm/amdgpu: Check for valid number of registers to read (bsc#1051510).\n\n - drm/amdgpu: Fix KFD-related kernel oops on Hawaii (bsc#1111666).\n\n - drm/amdgpu/gfx9: Update gfx9 golden settings (bsc#1111666).\n\n - drm/amdgpu/si: fix ASIC tests (git-fixes).\n\n - drm/amdgpu: Update gc_9_0 golden settings (bsc#1111666).\n\n - drm/amdkfd: Add missing Polaris10 ID (bsc#1111666).\n\n - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510).\n\n - drm/amd/pp: Fix truncated clock value when set watermark (bsc#1111666).\n\n - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510).\n\n - drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors (bsc#1111666).\n\n - drm/atomic_helper: Disallow new modesets on unregistered connectors (bsc#1111666).\n\n - drm/atomic_helper: Stop modesets on unregistered connectors harder (bsc#1111666).\n\n - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510).\n\n - drm/bridge: tfp410: fix memleak in get_modes() (bsc#1111666).\n\n - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510).\n\n - drm: Flush output polling on shutdown (bsc#1051510).\n\n - drm/i915: Cleanup gt powerstate from gem (bsc#1111666).\n\n - drm/i915: Fix intel_dp_mst_best_encoder() (bsc#1111666).\n\n - drm/i915/gvt: update vgpu workload head pointer correctly (bsc#1112178)\n\n - drm/i915: Restore sane defaults for KMS on GEM error load (bsc#1111666).\n\n - drm/mediatek: set DMA max segment size (bsc#1111666).\n\n - drm/msm/dsi: Fix return value check for clk_get_parent (bsc#1111666).\n\n - drm/msm/dsi: Implement reset correctly (bsc#1051510).\n\n - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling (bsc#1111666).\n\n - drm/nouveau/kms/nv50-: Do not create MSTMs for eDP connectors (bsc#1112178)\n\n - drm/nouveau/volt: Fix for some cards having 0 maximum voltage (bsc#1111666).\n\n - drm/omap: fix max fclk divider for omap36xx (bsc#1111666).\n\n - drm/panel: check failure cases in the probe func (bsc#1111666).\n\n - drm/panel: make drm_panel.h self-contained (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add extra quirk table entry for GPD MicroPC (bsc#1111666).\n\n - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510).\n\n - drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed (bsc#1111666).\n\n - drm/radeon: Fix EEH during kexec (bsc#1051510).\n\n - drm: rcar-du: lvds: Fix bridge_to_rcar_lvds (bsc#1111666).\n\n - drm/rockchip: Check for fast link training before enabling psr (bsc#1111666).\n\n - drm/stm: attach gem fence to atomic state (bsc#1111666).\n\n - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510).\n\n - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510).\n\n - e1000e: add workaround for possible stalled packet (bsc#1051510).\n\n - efi/arm: Show SMBIOS bank/device location in CPER and GHES error logs (bsc#1152033).\n\n - efi: cper: print AER info of PCIe fatal error (bsc#1051510).\n\n - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510).\n\n - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510).\n\n - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes).\n\n - Fix AMD IOMMU kABI (bsc#1154610).\n\n - Fix KVM kABI after x86 mmu backports (bsc#1117665).\n\n - gpu: drm: radeon: Fix a possible NULL pointer dereference in radeon_connector_set_property() (bsc#1051510).\n\n - HID: apple: Fix stuck function keys when using FN (bsc#1051510).\n\n - HID: fix error message in hid_open_report() (bsc#1051510).\n\n - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510).\n\n - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510).\n\n - HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510).\n\n - HID: prodikeys: Fix general protection fault during probe (bsc#1051510).\n\n - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510).\n\n - hso: fix NULL-deref on tty open (bsc#1051510).\n\n - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510).\n\n - hwrng: core - do not wait on add_early_randomness() (git-fixes).\n\n - i2c: riic: Clear NACK in tend isr (bsc#1051510).\n\n - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108)\n\n - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449).\n\n - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205).\n\n - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205).\n\n - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305).\n\n - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510).\n\n - ieee802154: ca8210: prevent memory leak (bsc#1051510).\n\n - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - iio: adc: ad799x: fix probe error handling (bsc#1051510).\n\n - iio: light: opt3001: fix mutex unlock race (bsc#1051510).\n\n - ima: always return negative code for error (bsc#1051510).\n\n - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510).\n\n - Input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510).\n\n - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799).\n\n - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608).\n\n - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799).\n\n - iommu/amd: Remove domain->updated (bsc#1154610).\n\n - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611).\n\n - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510).\n\n - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05).\n\n - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).\n\n - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05).\n\n - iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (bsc#1111666).\n\n - ixgbe: Fix secpath usage for IPsec TX offload (bsc#1113994 bsc#1151807).\n\n - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674).\n\n - ixgbe: sync the first fragment unconditionally (bsc#1133140).\n\n - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).\n\n - kABI workaround for crypto/af_alg changes (bsc#1154737).\n\n - kABI workaround for drm_connector.registered type changes (bsc#1111666).\n\n - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510).\n\n - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578).\n\n - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354).\n\n - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875).\n\n - ksm: cleanup stable_node chain collapse case (bnc#1144338).\n\n - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338).\n\n - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338).\n\n - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338).\n\n - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338).\n\n - kvm: Convert kvm_lock to a mutex (bsc#1117665).\n\n - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665).\n\n - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840).\n\n - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665).\n\n - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665).\n\n - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665).\n\n - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665).\n\n - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665).\n\n - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665).\n\n - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665).\n\n - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510).\n\n - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).\n\n - libnvdimm/security: provide fix for secure-erase to use zero-key (bsc#1149853).\n\n - lpfc: Add additional discovery log messages (bsc#1154521).\n\n - lpfc: Add FA-WWN Async Event reporting (bsc#1154521).\n\n - lpfc: Add FC-AL support to lpe32000 models (bsc#1154521).\n\n - lpfc: Add log macros to allow print by serverity or verbocity setting (bsc#1154521).\n\n - lpfc: Fix bad ndlp ptr in xri aborted handling (bsc#1154521).\n\n - lpfc: fix coverity error of dereference after null check (bsc#1154521).\n\n - lpfc: Fix hardlockup in lpfc_abort_handler (bsc#1154521).\n\n - lpfc: Fix lockdep errors in sli_ringtx_put (bsc#1154521).\n\n - lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count (bsc#1154521).\n\n - lpfc: Fix reporting of read-only fw error errors (bsc#1154521).\n\n - lpfc: Fix SLI3 hba in loop mode not discovering devices (bsc#1154521).\n\n - lpfc: Make FW logging dynamically configurable (bsc#1154521).\n\n - lpfc: Remove lock contention target write path (bsc#1154521).\n\n - lpfc: Revise interrupt coalescing for missing scenarios (bsc#1154521).\n\n - lpfc: Slight fast-path Performance optimizations (bsc#1154521).\n\n - lpfc: Update lpfc version to 12.6.0.0 (bsc#1154521).\n\n - mac80211: accept deauth frames in IBSS mode (bsc#1051510).\n\n - mac80211: fix txq NULL pointer dereference (bsc#1051510).\n\n - mac80211: Reject malformed SSID elements (bsc#1051510).\n\n - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510).\n\n - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642).\n\n - media: cpia2_usb: fix memory leaks (bsc#1051510).\n\n - media: dvb-core: fix a memory leak bug (bsc#1051510).\n\n - media: exynos4-is: fix leaked of_node references (bsc#1051510).\n\n - media: gspca: zero usb_buf on error (bsc#1051510).\n\n - media: hdpvr: Add device num check and handling (bsc#1051510).\n\n - media: hdpvr: add terminating 0 at end of string (bsc#1051510).\n\n - media: i2c: ov5645: Fix power sequence (bsc#1051510).\n\n - media: iguanair: add sanity checks (bsc#1051510).\n\n - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510).\n\n - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510).\n\n - media: ov9650: add a sanity check (bsc#1051510).\n\n - media: radio/si470x: kill urb on error (bsc#1051510).\n\n - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).\n\n - media: saa7146: add cleanup in hexium_attach() (bsc#1051510).\n\n - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510).\n\n - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510).\n\n - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510).\n\n - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510).\n\n - mfd: intel-lpss: Remove D3cold delay (bsc#1051510).\n\n - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05).\n\n - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510).\n\n - mmc: sdhci: improve ADMA error reporting (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510).\n\n - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).\n\n - net: Fix null de-reference of device refcount (networking-stable-19_09_15).\n\n - net: fix skb use after free in netpoll (networking-stable-19_09_05).\n\n - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15).\n\n - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes).\n\n - net/mlx4_en: fix a memory leak bug (bsc#1046299).\n\n - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ).\n\n - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ).\n\n - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30).\n\n - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05).\n\n - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30).\n\n - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05).\n\n - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848).\n\n - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848).\n\n - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612).\n\n - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30).\n\n - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05).\n\n - net_sched: add policy validation for action attributes (networking-stable-19_09_30).\n\n - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes).\n\n - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05).\n\n - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05).\n\n - nfc: fix attrs checks in netlink interface (bsc#1051510).\n\n - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).\n\n - nfc: pn533: fix use-after-free and memleaks (bsc#1051510).\n\n - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).\n\n - nl80211: fix NULL pointer dereference (bsc#1051510).\n\n - objtool: Clobber user CFLAGS variable (bsc#1153236).\n\n - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30).\n\n - packaging: add support for riscv64\n\n - PCI: Correct pci=resource_alignment parameter example (bsc#1051510).\n\n - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).\n\n - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263).\n\n - PCI: PM: Fix pci_power_up() (bsc#1051510).\n\n - pinctrl: cherryview: restore Strago DMI workaround for all versions (bsc#1111666).\n\n - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510).\n\n - platform/x86: classmate-laptop: remove unused variable (bsc#1051510).\n\n - platform/x86: i2c-multi-instantiate: Derive the device name from parent (bsc#1111666).\n\n - platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (bsc#1111666).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510).\n\n - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186).\n\n - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186).\n\n - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186).\n\n - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).\n\n - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186).\n\n - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186).\n\n - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186).\n\n - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186).\n\n - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186).\n\n - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778).\n\n - powerpc/pseries: Remove confusing warning message (bsc#1109158).\n\n - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778).\n\n - powerplay: Respect units on max dcfclk watermark (bsc#1111666).\n\n - power: supply: sysfs: ratelimit property read error message (bsc#1051510).\n\n - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545).\n\n - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05).\n\n - r8152: Set macpassthru in reset_resume callback (bsc#1051510).\n\n - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244).\n\n - RDMA: Fix goto target to release the allocated memory (bsc#1050244).\n\n - rds: Fix warning (bsc#1154848).\n\n - Revert 'drm/amd/display: Fix underscan not using proper scaling' (bsc#1111666).\n\n - Revert 'drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD' (bsc#1111666).\n\n - Revert 'drm/radeon: Fix EEH during kexec' (bsc#1051510).\n\n - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635).\n\n - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476).\n\n - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091).\n\n - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05).\n\n - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05).\n\n - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15).\n\n - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30).\n\n - scsi: lpfc: Check queue pointer before use (bsc#1154242).\n\n - scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt (bsc#1154521).\n\n - scsi: lpfc: Complete removal of FCoE T10 PI support on SLI-4 adapters (bsc#1154521).\n\n - scsi: lpfc: Convert existing %pf users to %ps (bsc#1154521).\n\n - scsi: lpfc: Fix coverity errors on NULL pointer checks (bsc#1154521).\n\n - scsi: lpfc: Fix device recovery errors after PLOGI failures (bsc#1154521).\n\n - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040).\n\n - scsi: lpfc: Fix discovery failures when target device connectivity bounces (bsc#1154521).\n\n - scsi: lpfc: Fix GPF on scsi command completion (bsc#1154521).\n\n - scsi: lpfc: Fix hdwq sgl locks and irq handling (bsc#1154521).\n\n - scsi: lpfc: Fix host hang at boot or slow boot (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq (bsc#1154521).\n\n - scsi: lpfc: Fix locking on mailbox command completion (bsc#1154521).\n\n - scsi: lpfc: Fix miss of register read failure check (bsc#1154521).\n\n - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845).\n\n - scsi: lpfc: Fix NVMe ABTS in response to receiving an ABTS (bsc#1154521).\n\n - scsi: lpfc: Fix NVME io abort failures causing hangs (bsc#1154521).\n\n - scsi: lpfc: Fix premature re-enabling of interrupts in lpfc_sli_host_down (bsc#1154521).\n\n - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883).\n\n - scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs (bsc#1154521).\n\n - scsi: lpfc: Fix rpi release when deleting vport (bsc#1154521).\n\n - scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd() (bsc#1154521).\n\n - scsi: lpfc: Make function lpfc_defer_pt2pt_acc static (bsc#1154521).\n\n - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).\n\n - scsi: lpfc: remove left-over BUILD_NVME defines (bsc#1154268).\n\n - scsi: lpfc: Update async event logging (bsc#1154521).\n\n - scsi: lpfc: Update lpfc version to 12.4.0.1 (bsc#1154521).\n\n - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291).\n\n - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729).\n\n - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).\n\n - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15).\n\n - Sign non-x86 kernels when possible (boo#1134303)\n\n - skge: fix checksum byte order (networking-stable-19_09_30).\n\n - sock_diag: fix autoloading of the raw_diag module (bsc#1152791).\n\n - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791).\n\n - staging: bcm2835-audio: Fix draining behavior regression (bsc#1111666).\n\n - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510).\n\n - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510).\n\n - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes).\n\n - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).\n\n - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05).\n\n - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05).\n\n - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510).\n\n - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).\n\n - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15).\n\n - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05).\n\n - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508).\n\n - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15).\n\n - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099).\n\n - Update patches.suse/NFSv4-Check-the-return-value-of-update_open\n _stateid.patch (boo#1154189 bsc#1154747).\n\n - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635).\n\n - usb: adutux: fix use-after-free on disconnect (bsc#1142635).\n\n - usb: adutux: fix use-after-free on release (bsc#1051510).\n\n - usb: chaoskey: fix use-after-free on release (bsc#1051510).\n\n - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on release (bsc#1051510).\n\n - usb: ldusb: fix memleak on disconnect (bsc#1051510).\n\n - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510).\n\n - usb: ldusb: fix read info leaks (bsc#1051510).\n\n - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510).\n\n - usb: legousbtower: fix deadlock on disconnect (bsc#1142635).\n\n - usb: legousbtower: fix memleak on disconnect (bsc#1051510).\n\n - usb: legousbtower: fix open after failed reset request (bsc#1142635).\n\n - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635).\n\n - usb: legousbtower: fix slab info leak at probe (bsc#1142635).\n\n - usb: legousbtower: fix use-after-free on release (bsc#1051510).\n\n - usb: microtek: fix info-leak at probe (bsc#1142635).\n\n - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510).\n\n - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510).\n\n - usb: serial: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510).\n\n - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510).\n\n - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510).\n\n - usb: serial: option: add Telit FN980 compositions (bsc#1051510).\n\n - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510).\n\n - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510).\n\n - usb: usblcd: fix I/O after disconnect (bsc#1142635).\n\n - usb: usblp: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: usblp: fix use-after-free on disconnect (bsc#1051510).\n\n - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510).\n\n - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510).\n\n - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510).\n\n - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510).\n\n - usb: yurex: Do not retry on unexpected errors (bsc#1051510).\n\n - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510).\n\n - vfio_pci: Restore original state on release (bsc#1051510).\n\n - vhost_net: conditionally enable tx polling (bsc#1145099).\n\n - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510).\n\n - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05).\n\n - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510).\n\n - x86/asm: Fix MWAITX C-state hint value (bsc#1114279).\n\n - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969).\n\n - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969).\n\n - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279).\n\n - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600).\n\n - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).\n\n - xhci: Check all endpoints for LPM timeout (bsc#1051510).\n\n - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510).\n\n - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510).\n\n - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510).", "cvss3": {}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-2444)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2444.NASL", "href": "https://www.tenable.com/plugins/nessus/130582", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2444.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130582);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-16232\", \"CVE-2019-16233\", \"CVE-2019-16234\", \"CVE-2019-16995\", \"CVE-2019-17056\", \"CVE-2019-17133\", \"CVE-2019-17666\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2444)\");\n script_summary(english:\"Check for the openSUSE-2019-2444 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-16995: A memory leak exits in\n hsr_dev_finalize() in net/hsr/hsr_device.c. if\n hsr_add_port fails to add a port, which may cause denial\n of service, aka CID-6caabe7f197d (bnc#1152685).\n\n - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150457).\n\n - CVE-2019-17666: rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c lacked a\n certain upper-bound check, leading to a buffer overflow\n (bnc#1154372).\n\n - CVE-2019-16232:\n drivers/net/wireless/marvell/libertas/if_sdio.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150465).\n\n - CVE-2019-16234:\n drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not\n check the alloc_workqueue return value, leading to a\n NULL pointer dereference (bnc#1150452).\n\n - CVE-2019-17133: cfg80211_mgd_wext_giwessid in\n net/wireless/wext-sme.c did not reject a long SSID IE,\n leading to a Buffer Overflow (bnc#1153158).\n\n - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c\n in the AF_NFC network module did not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka CID-3a359798b176 (bnc#1152788).\n\nThe following non-security bugs were fixed :\n\n - 9p: avoid attaching writeback_fid on mmap with type\n PRIVATE (bsc#1051510).\n\n - ACPI / CPPC: do not require the _PSD method\n (bsc#1051510).\n\n - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in\n acpi_cppc_processor_exit() (bsc#1051510).\n\n - ACPI / processor: do not print errors for processorIDs\n == 0xff (bsc#1051510).\n\n - act_mirred: Fix mirred_init_module error handling\n (bsc#1051510).\n\n - Add Acer Aspire Ethos 8951G model quirk (bsc#1051510).\n\n - Add kernel module compression support (bsc#1135854)\n\n - ALSA: hda - Add a quirk model for fixing Huawei Matebook\n X right speaker (bsc#1051510).\n\n - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).\n\n - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop\n (bsc#1051510).\n\n - ALSA: hda: Add support of Zhaoxin controller\n (bsc#1051510).\n\n - ALSA: hda: Add Tigerlake/Jasperlake PCI ID\n (bsc#1051510).\n\n - ALSA: hda - Apply AMD controller workaround for Raven\n platform (bsc#1051510).\n\n - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269\n family (bsc#1051510).\n\n - ALSA: hda - Drop unsol event handler for Intel HDMI\n codecs (bsc#1051510).\n\n - ALSA: hda - Expand pin_match function to match upcoming\n new tbls (bsc#1051510).\n\n - ALSA: hda: Flush interrupts on disabling (bsc#1051510).\n\n - ALSA: hda - Force runtime PM on Nvidia HDMI codecs\n (bsc#1051510).\n\n - ALSA: hda/hdmi - Do not report spurious jack state\n changes (bsc#1051510).\n\n - ALSA: hda/hdmi: remove redundant assignment to variable\n pcm_idx (bsc#1051510).\n\n - ALSA: hda - Inform too slow responses (bsc#1051510).\n\n - ALSA: hda/realtek - Add support for ALC711\n (bsc#1051510).\n\n - ALSA: hda/realtek - Blacklist PC beep for Lenovo\n ThinkCentre M73/93 (bsc#1051510).\n\n - ALSA: hda/realtek - Check beep whitelist before\n assigning in all codecs (bsc#1051510).\n\n - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA\n (bsc#1051510).\n\n - ALSA: hda/realtek - Fix alienware headset mic\n (bsc#1051510).\n\n - ALSA: hda/realtek - PCI quirk for Medion E4254\n (bsc#1051510).\n\n - ALSA: hda/realtek: Reduce the Headphone static noise on\n XPS 9350/9360 (bsc#1051510).\n\n - ALSA: hda: Set fifo_size for both playback and capture\n streams (bsc#1051510).\n\n - ALSA: hda - Show the fatal CORB/RIRB error more clearly\n (bsc#1051510).\n\n - ALSA: hda/sigmatel - remove unused variable\n 'stac9200_core_init' (bsc#1051510).\n\n - ALSA: i2c: ak4xxx-adda: Fix a possible NULL pointer\n dereference in build_adc_controls() (bsc#1051510).\n\n - ALSA: line6: sizeof (byte) is always 1, use that fact\n (bsc#1051510).\n\n - ALSA: usb-audio: Add DSD support for EVGA NU Audio\n (bsc#1051510).\n\n - ALSA: usb-audio: Add Hiby device family to quirks for\n native DSD support (bsc#1051510).\n\n - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck\n (bsc#1051510).\n\n - ALSA: usb-audio: Clean up check_input_term()\n (bsc#1051510).\n\n - ALSA: usb-audio: Disable quirks for BOSS Katana\n amplifiers (bsc#1051510).\n\n - ALSA: usb-audio: DSD auto-detection for Playback Designs\n (bsc#1051510).\n\n - ALSA: usb-audio: fix PCM device order (bsc#1051510).\n\n - ALSA: usb-audio: Fix possible NULL dereference at\n create_yamaha_midi_quirk() (bsc#1051510).\n\n - ALSA: usb-audio: More validations of descriptor units\n (bsc#1051510).\n\n - ALSA: usb-audio: remove some dead code (bsc#1051510).\n\n - ALSA: usb-audio: Remove superfluous bLength checks\n (bsc#1051510).\n\n - ALSA: usb-audio: Simplify parse_audio_unit()\n (bsc#1051510).\n\n - ALSA: usb-audio: Skip bSynchAddress endpoint check if it\n is invalid (bsc#1051510).\n\n - ALSA: usb-audio: Unify audioformat release code\n (bsc#1051510).\n\n - ALSA: usb-audio: Unify the release of\n usb_mixer_elem_info objects (bsc#1051510).\n\n - ALSA: usb-audio: Update DSD support quirks for Oppo and\n Rotel (bsc#1051510).\n\n - appletalk: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - arcnet: provide a buffer big enough to actually receive\n packets (networking-stable-19_09_30).\n\n - ASoC: Define a set of DAPM pre/post-up events\n (bsc#1051510).\n\n - ASoC: dmaengine: Make the pcm->name equal to pcm->id if\n the name is not set (bsc#1051510).\n\n - ASoC: Intel: Fix use of potentially uninitialized\n variable (bsc#1051510).\n\n - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).\n\n - ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).\n\n - ASoC: rsnd: Reinitialize bit clock inversion flag for\n every format setting (bsc#1051510).\n\n - ASoC: sgtl5000: Fix charge pump source assignment\n (bsc#1051510).\n\n - auxdisplay: panel: need to delete scan_timer when\n misc_register fails in panel_attach (bsc#1051510).\n\n - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).\n\n - Blacklist 'signal: Correct namespace fixups of si_pid\n and si_uid' (bsc#1142667)\n\n - blk-wbt: abstract out end IO completion handler\n (bsc#1135873).\n\n - blk-wbt: fix has-sleeper queueing check (bsc#1135873).\n\n - blk-wbt: improve waking of tasks (bsc#1135873).\n\n - blk-wbt: move disable check into get_limit()\n (bsc#1135873).\n\n - blk-wbt: use wq_has_sleeper() for wq active check\n (bsc#1135873).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: add io timeout to sysfs (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout\n handler (bsc#1148410).\n\n - block: do not show io_timeout if driver has no timeout\n handler (bsc#1148410).\n\n - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth\n devices (bsc#1051510).\n\n - bnx2x: Fix VF's VLAN reconfiguration in reload\n (bsc#1086323 ).\n\n - bnxt_en: Add PCI IDs for 57500 series NPAR devices\n (bsc#1153607).\n\n - bpf: fix use after free in prog symbol exposure\n (bsc#1083647).\n\n - bridge/mdb: remove wrong use of NLM_F_MULTI\n (networking-stable-19_09_15).\n\n - btrfs: bail out gracefully rather than BUG_ON\n (bsc#1153646).\n\n - btrfs: block-group: Fix a memory leak due to missing\n btrfs_put_block_group() (bsc#1155178).\n\n - btrfs: check for the full sync flag while holding the\n inode lock during fsync (bsc#1153713).\n\n - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to\n date values (bsc#1154651).\n\n - btrfs: Ensure replaced device does not have pending\n chunk allocation (bsc#1154607).\n\n - btrfs: qgroup: Always free PREALLOC META reserve in\n btrfs_delalloc_release_extents() (bsc#1155179).\n\n - btrfs: remove wrong use of volume_mutex from\n btrfs_dev_replace_start (bsc#1154651).\n\n - btrfs: tracepoints: Fix bad entry members of qgroup\n events (bsc#1155186).\n\n - btrfs: tracepoints: Fix wrong parameter order for qgroup\n events (bsc#1155184).\n\n - can: mcp251x: mcp251x_hw_reset(): allow more time after\n a reset (bsc#1051510).\n\n - can: xilinx_can: xcan_probe(): skip error message on\n deferred probe (bsc#1051510).\n\n - cdc_ether: fix rndis support for Mediatek based\n smartphones (networking-stable-19_09_15).\n\n - cdc_ncm: fix divide-by-zero caused by invalid\n wMaxPacketSize (bsc#1051510).\n\n - ceph: fix directories inode i_blkbits initialization\n (bsc#1153717).\n\n - ceph: reconnect connection if session hang in opening\n state (bsc#1153718).\n\n - ceph: update the mtime when truncating up (bsc#1153719).\n\n - cfg80211: add and use strongly typed element iteration\n macros (bsc#1051510).\n\n - cfg80211: Purge frame registrations on iftype change\n (bsc#1051510).\n\n - clk: at91: select parent if main oscillator or bypass is\n enabled (bsc#1051510).\n\n - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510).\n\n - clk: sirf: Do not reference clk_init_data after\n registration (bsc#1051510).\n\n - clk: zx296718: Do not reference clk_init_data after\n registration (bsc#1051510).\n\n - crypto: af_alg - consolidation of duplicate code\n (bsc#1154737).\n\n - crypto: af_alg - fix race accessing cipher request\n (bsc#1154737).\n\n - crypto: af_alg - Fix race around ctx->rcvused by making\n it atomic_t (bsc#1154737).\n\n - crypto: af_alg - Initialize sg_num_bytes in error code\n path (bsc#1051510).\n\n - crypto: af_alg - remove locking in async callback\n (bsc#1154737).\n\n - crypto: af_alg - update correct dst SGL entry\n (bsc#1051510).\n\n - crypto: af_alg - wait for data at beginning of recvmsg\n (bsc#1154737).\n\n - crypto: algif_aead - copy AAD from src to dst\n (bsc#1154737).\n\n - crypto: algif_aead - fix reference counting of null\n skcipher (bsc#1154737).\n\n - crypto: algif_aead - overhaul memory management\n (bsc#1154737).\n\n - crypto: algif_aead - skip SGL entries with NULL page\n (bsc#1154737).\n\n - crypto: algif - return error code when no data was\n processed (bsc#1154737).\n\n - crypto: algif_skcipher - overhaul memory management\n (bsc#1154737).\n\n - crypto: talitos - fix missing break in switch statement\n (bsc#1142635).\n\n - cxgb4: do not dma memory off of the stack (bsc#1152790).\n\n - cxgb4: fix endianness for vlan value in cxgb4_tc_flower\n (bsc#1064802 bsc#1066129).\n\n - cxgb4:Fix out-of-bounds MSI-X info array access\n (networking-stable-19_10_05).\n\n - cxgb4: offload VLAN flows regardless of VLAN ethtype\n (bsc#1064802 bsc#1066129).\n\n - cxgb4: reduce kernel stack usage in\n cudbg_collect_mem_region() (bsc#1073513).\n\n - cxgb4: Signedness bug in init_one() (bsc#1097585\n bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583\n bsc#1097584).\n\n - cxgb4: smt: Add lock for atomic_dec_and_test\n (bsc#1064802 bsc#1066129).\n\n - dasd_fba: Display '00000000' for zero page when dumping\n sense\n\n - /dev/mem: Bail out upon SIGKILL (git-fixes).\n\n - drm: add __user attribute to ptr_to_compat()\n (bsc#1111666).\n\n - drm/amd/display: fix issue where 252-255 values are\n clipped (bsc#1111666).\n\n - drm/amd/display: reprogram VM config when system resume\n (bsc#1111666).\n\n - drm/amd/display: Restore backlight brightness after\n system resume (bsc#1112178)\n\n - drm/amd/display: support spdif (bsc#1111666).\n\n - drm/amd/dm: Understand why attaching path/tile\n properties are needed (bsc#1111666).\n\n - drm/amdgpu: Check for valid number of registers to read\n (bsc#1051510).\n\n - drm/amdgpu: Fix KFD-related kernel oops on Hawaii\n (bsc#1111666).\n\n - drm/amdgpu/gfx9: Update gfx9 golden settings\n (bsc#1111666).\n\n - drm/amdgpu/si: fix ASIC tests (git-fixes).\n\n - drm/amdgpu: Update gc_9_0 golden settings (bsc#1111666).\n\n - drm/amdkfd: Add missing Polaris10 ID (bsc#1111666).\n\n - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)\n (bsc#1051510).\n\n - drm/amd/pp: Fix truncated clock value when set watermark\n (bsc#1111666).\n\n - drm/ast: Fixed reboot test may cause system hanged\n (bsc#1051510).\n\n - drm/atomic_helper: Allow DPMS On<->Off changes for\n unregistered connectors (bsc#1111666).\n\n - drm/atomic_helper: Disallow new modesets on unregistered\n connectors (bsc#1111666).\n\n - drm/atomic_helper: Stop modesets on unregistered\n connectors harder (bsc#1111666).\n\n - drm/bridge: tc358767: Increase AUX transfer length limit\n (bsc#1051510).\n\n - drm/bridge: tfp410: fix memleak in get_modes()\n (bsc#1111666).\n\n - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50\n (bsc#1051510).\n\n - drm: Flush output polling on shutdown (bsc#1051510).\n\n - drm/i915: Cleanup gt powerstate from gem (bsc#1111666).\n\n - drm/i915: Fix intel_dp_mst_best_encoder() (bsc#1111666).\n\n - drm/i915/gvt: update vgpu workload head pointer\n correctly (bsc#1112178)\n\n - drm/i915: Restore sane defaults for KMS on GEM error\n load (bsc#1111666).\n\n - drm/mediatek: set DMA max segment size (bsc#1111666).\n\n - drm/msm/dsi: Fix return value check for clk_get_parent\n (bsc#1111666).\n\n - drm/msm/dsi: Implement reset correctly (bsc#1051510).\n\n - drm/nouveau/disp/nv50-: fix center/aspect-corrected\n scaling (bsc#1111666).\n\n - drm/nouveau/kms/nv50-: Do not create MSTMs for eDP\n connectors (bsc#1112178)\n\n - drm/nouveau/volt: Fix for some cards having 0 maximum\n voltage (bsc#1111666).\n\n - drm/omap: fix max fclk divider for omap36xx\n (bsc#1111666).\n\n - drm/panel: check failure cases in the probe func\n (bsc#1111666).\n\n - drm/panel: make drm_panel.h self-contained\n (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add extra quirk table\n entry for GPD MicroPC (bsc#1111666).\n\n - drm/panel: simple: fix AUO g185han01 horizontal blanking\n (bsc#1051510).\n\n - drm/radeon: Bail earlier when radeon.cik_/si_support=0\n is passed (bsc#1111666).\n\n - drm/radeon: Fix EEH during kexec (bsc#1051510).\n\n - drm: rcar-du: lvds: Fix bridge_to_rcar_lvds\n (bsc#1111666).\n\n - drm/rockchip: Check for fast link training before\n enabling psr (bsc#1111666).\n\n - drm/stm: attach gem fence to atomic state (bsc#1111666).\n\n - drm/tilcdc: Register cpufreq notifier after we have\n initialized crtc (bsc#1051510).\n\n - drm/vmwgfx: Fix double free in vmw_recv_msg()\n (bsc#1051510).\n\n - e1000e: add workaround for possible stalled packet\n (bsc#1051510).\n\n - efi/arm: Show SMBIOS bank/device location in CPER and\n GHES error logs (bsc#1152033).\n\n - efi: cper: print AER info of PCIe fatal error\n (bsc#1051510).\n\n - efi/memattr: Do not bail on zero VA if it equals the\n region's PA (bsc#1051510).\n\n - efivar/ssdt: Do not iterate over EFI vars if no SSDT\n override was specified (bsc#1051510).\n\n - firmware: dmi: Fix unlikely out-of-bounds read in\n save_mem_devices (git-fixes).\n\n - Fix AMD IOMMU kABI (bsc#1154610).\n\n - Fix KVM kABI after x86 mmu backports (bsc#1117665).\n\n - gpu: drm: radeon: Fix a possible NULL pointer\n dereference in radeon_connector_set_property()\n (bsc#1051510).\n\n - HID: apple: Fix stuck function keys when using FN\n (bsc#1051510).\n\n - HID: fix error message in hid_open_report()\n (bsc#1051510).\n\n - HID: hidraw: Fix invalid read in hidraw_ioctl\n (bsc#1051510).\n\n - HID: logitech: Fix general protection fault caused by\n Logitech driver (bsc#1051510).\n\n - HID: logitech-hidpp: do all FF cleanup in\n hidpp_ff_destroy() (bsc#1051510).\n\n - HID: prodikeys: Fix general protection fault during\n probe (bsc#1051510).\n\n - HID: sony: Fix memory corruption issue on cleanup\n (bsc#1051510).\n\n - hso: fix NULL-deref on tty open (bsc#1051510).\n\n - hwmon: (acpi_power_meter) Change log level for 'unsafe\n software power cap' (bsc#1051510).\n\n - hwrng: core - do not wait on add_early_randomness()\n (git-fixes).\n\n - i2c: riic: Clear NACK in tend isr (bsc#1051510).\n\n - IB/core, ipoib: Do not overreact to SM LID change event\n (bsc#1154108)\n\n - IB/hfi1: Remove overly conservative VM_EXEC flag check\n (bsc#1144449).\n\n - IB/mlx5: Consolidate use_umr checks into single function\n (bsc#1093205).\n\n - IB/mlx5: Fix MR re-registration flow to use UMR properly\n (bsc#1093205).\n\n - IB/mlx5: Report correctly tag matching rendezvous\n capability (bsc#1046305).\n\n - ieee802154: atusb: fix use-after-free at disconnect\n (bsc#1051510).\n\n - ieee802154: ca8210: prevent memory leak (bsc#1051510).\n\n - ieee802154: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - iio: adc: ad799x: fix probe error handling\n (bsc#1051510).\n\n - iio: light: opt3001: fix mutex unlock race\n (bsc#1051510).\n\n - ima: always return negative code for error\n (bsc#1051510).\n\n - Input: da9063 - fix capability and drop KEY_SLEEP\n (bsc#1051510).\n\n - Input: synaptics-rmi4 - avoid processing unknown IRQs\n (bsc#1051510).\n\n - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer\n Aspire A315-41 (bsc#1137799).\n\n - iommu/amd: Check PM_LEVEL_SIZE() condition in locked\n section (bsc#1154608).\n\n - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge\n systems (bsc#1137799).\n\n - iommu/amd: Remove domain->updated (bsc#1154610).\n\n - iommu/amd: Wait for completion of IOTLB flush in\n attach_device (bsc#1154611).\n\n - ipmi_si: Only schedule continuously in the thread in\n maintenance mode (bsc#1051510).\n\n - ipv6: drop incoming packets having a v4mapped source\n address (networking-stable-19_10_05).\n\n - ipv6: Fix the link time qualifier of\n 'ping_v6_proc_exit_net()' (networking-stable-19_09_15).\n\n - ipv6: Handle missing host route in __ipv6_ifa_notify\n (networking-stable-19_10_05).\n\n - iwlwifi: pcie: fix memory leaks in\n iwl_pcie_ctxt_info_gen3_init (bsc#1111666).\n\n - ixgbe: Fix secpath usage for IPsec TX offload\n (bsc#1113994 bsc#1151807).\n\n - ixgbe: Prevent u8 wrapping of ITR value to something\n less than 10us (bsc#1101674).\n\n - ixgbe: sync the first fragment unconditionally\n (bsc#1133140).\n\n - kabi: net: sched: act_sample: fix psample group handling\n on overwrite (networking-stable-19_09_05).\n\n - kABI workaround for crypto/af_alg changes (bsc#1154737).\n\n - kABI workaround for drm_connector.registered type\n changes (bsc#1111666).\n\n - kABI workaround for snd_hda_pick_pin_fixup() changes\n (bsc#1051510).\n\n - kernel-binary.spec.in: Fix build of non-modular kernels\n (boo#1154578).\n\n - kernel-subpackage-build: create zero size ghost for\n uncompressed vmlinux (bsc#1154354).\n\n - kernel/sysctl.c: do not override max_threads provided by\n userspace (bnc#1150875).\n\n - ksm: cleanup stable_node chain collapse case\n (bnc#1144338).\n\n - ksm: fix use after free with merge_across_nodes = 0\n (bnc#1144338).\n\n - ksm: introduce ksm_max_page_sharing per page\n deduplication limit (bnc#1144338).\n\n - ksm: optimize refile of stable_node_dup at the head of\n the chain (bnc#1144338).\n\n - ksm: swap the two output parameters of chain/chain_prune\n (bnc#1144338).\n\n - kvm: Convert kvm_lock to a mutex (bsc#1117665).\n\n - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665).\n\n - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing\n host_ipi flag (bsc#1061840).\n\n - kvm: x86: add tracepoints around __direct_map and\n FNAME(fetch) (bsc#1117665).\n\n - kvm: x86: adjust kvm_mmu_page member to save 8 bytes\n (bsc#1117665).\n\n - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON\n (bsc#1117665).\n\n - kvm: x86: Do not release the page inside mmu_set_spte()\n (bsc#1117665).\n\n - kvm: x86: make FNAME(fetch) and __direct_map more\n similar (bsc#1117665).\n\n - kvm: x86, powerpc: do not allow clearing largepages\n debugfs entry (bsc#1117665).\n\n - kvm: x86: remove now unneeded hugepage gfn adjustment\n (bsc#1117665).\n\n - libertas: Add missing sentinel at end of if_usb.c\n fw_table (bsc#1051510).\n\n - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510).\n\n - libnvdimm/security: provide fix for secure-erase to use\n zero-key (bsc#1149853).\n\n - lpfc: Add additional discovery log messages\n (bsc#1154521).\n\n - lpfc: Add FA-WWN Async Event reporting (bsc#1154521).\n\n - lpfc: Add FC-AL support to lpe32000 models\n (bsc#1154521).\n\n - lpfc: Add log macros to allow print by serverity or\n verbocity setting (bsc#1154521).\n\n - lpfc: Fix bad ndlp ptr in xri aborted handling\n (bsc#1154521).\n\n - lpfc: fix coverity error of dereference after null check\n (bsc#1154521).\n\n - lpfc: Fix hardlockup in lpfc_abort_handler\n (bsc#1154521).\n\n - lpfc: Fix lockdep errors in sli_ringtx_put\n (bsc#1154521).\n\n - lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count\n (bsc#1154521).\n\n - lpfc: Fix reporting of read-only fw error errors\n (bsc#1154521).\n\n - lpfc: Fix SLI3 hba in loop mode not discovering devices\n (bsc#1154521).\n\n - lpfc: Make FW logging dynamically configurable\n (bsc#1154521).\n\n - lpfc: Remove lock contention target write path\n (bsc#1154521).\n\n - lpfc: Revise interrupt coalescing for missing scenarios\n (bsc#1154521).\n\n - lpfc: Slight fast-path Performance optimizations\n (bsc#1154521).\n\n - lpfc: Update lpfc version to 12.6.0.0 (bsc#1154521).\n\n - mac80211: accept deauth frames in IBSS mode\n (bsc#1051510).\n\n - mac80211: fix txq NULL pointer dereference\n (bsc#1051510).\n\n - mac80211: Reject malformed SSID elements (bsc#1051510).\n\n - macsec: drop skb sk before calling gro_cells_receive\n (bsc#1051510).\n\n - media: atmel: atmel-isc: fix asd memory allocation\n (bsc#1135642).\n\n - media: cpia2_usb: fix memory leaks (bsc#1051510).\n\n - media: dvb-core: fix a memory leak bug (bsc#1051510).\n\n - media: exynos4-is: fix leaked of_node references\n (bsc#1051510).\n\n - media: gspca: zero usb_buf on error (bsc#1051510).\n\n - media: hdpvr: Add device num check and handling\n (bsc#1051510).\n\n - media: hdpvr: add terminating 0 at end of string\n (bsc#1051510).\n\n - media: i2c: ov5645: Fix power sequence (bsc#1051510).\n\n - media: iguanair: add sanity checks (bsc#1051510).\n\n - media: omap3isp: Do not set streaming state on random\n subdevs (bsc#1051510).\n\n - media: omap3isp: Set device on omap3isp subdevs\n (bsc#1051510).\n\n - media: ov9650: add a sanity check (bsc#1051510).\n\n - media: radio/si470x: kill urb on error (bsc#1051510).\n\n - media: saa7134: fix terminology around\n saa7134_i2c_eeprom_md7134_gate() (bsc#1051510).\n\n - media: saa7146: add cleanup in hexium_attach()\n (bsc#1051510).\n\n - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table\n (bsc#1051510).\n\n - media: stkwebcam: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - media: ttusb-dec: Fix info-leak in\n ttusb_dec_send_command() (bsc#1051510).\n\n - memstick: jmb38x_ms: Fix an error handling path in\n 'jmb38x_ms_probe()' (bsc#1051510).\n\n - mfd: intel-lpss: Remove D3cold delay (bsc#1051510).\n\n - mISDN: enforce CAP_NET_RAW for raw sockets\n (bsc#1051510).\n\n - mld: fix memory leak in mld_del_delrec()\n (networking-stable-19_09_05).\n\n - mmc: sdhci: Fix incorrect switch to HS mode\n (bsc#1051510).\n\n - mmc: sdhci: improve ADMA error reporting (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: set DMA snooping based on DMA\n coherence (bsc#1051510).\n\n - netfilter: nf_nat: do not bug when mapping already\n exists (bsc#1146612).\n\n - net: Fix null de-reference of device refcount\n (networking-stable-19_09_15).\n\n - net: fix skb use after free in netpoll\n (networking-stable-19_09_05).\n\n - net: gso: Fix skb_segment splat when splitting gso_size\n mangled skb having linear-headed frag_list\n (networking-stable-19_09_15).\n\n - net/ibmvnic: Fix EOI when running in XIVE mode\n (bsc#1089644, ltc#166495, ltc#165544, git-fixes).\n\n - net/mlx4_en: fix a memory leak bug (bsc#1046299).\n\n - net/mlx5: Add device ID of upcoming BlueField-2\n (bsc#1046303 ).\n\n - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305\n ).\n\n - net/phy: fix DP83865 10 Mbps HDX loopback disable\n function (networking-stable-19_09_30).\n\n - net: qlogic: Fix memory leak in ql_alloc_large_buffers\n (networking-stable-19_10_05).\n\n - net: qrtr: Stop rx_worker before freeing node\n (networking-stable-19_09_30).\n\n - net/rds: Fix error handling in rds_ib_add_one()\n (networking-stable-19_10_05).\n\n - net/rds: fix warn in rds_message_alloc_sgs\n (bsc#1154848).\n\n - net/rds: remove user triggered WARN_ON in rds_sendmsg\n (bsc#1154848).\n\n - net: Replace NF_CT_ASSERT() with WARN_ON()\n (bsc#1146612).\n\n - net/sched: act_sample: do not push mac header on ip6gre\n ingress (networking-stable-19_09_30).\n\n - net: sched: act_sample: fix psample group handling on\n overwrite (networking-stable-19_09_05).\n\n - net_sched: add policy validation for action attributes\n (networking-stable-19_09_30).\n\n - net_sched: fix backward compatibility for TCA_ACT_KIND\n (git-fixes).\n\n - net: stmmac: dwmac-rk: Do not fail if phy regulator is\n absent (networking-stable-19_09_05).\n\n - net: Unpublish sk from sk_reuseport_cb before call_rcu\n (networking-stable-19_10_05).\n\n - nfc: fix attrs checks in netlink interface\n (bsc#1051510).\n\n - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510).\n\n - nfc: pn533: fix use-after-free and memleaks\n (bsc#1051510).\n\n - NFSv4.1 - backchannel request should hold ref on xprt\n (bsc#1152624).\n\n - nl80211: fix NULL pointer dereference (bsc#1051510).\n\n - objtool: Clobber user CFLAGS variable (bsc#1153236).\n\n - openvswitch: change type of UPCALL_PID attribute to\n NLA_UNSPEC (networking-stable-19_09_30).\n\n - packaging: add support for riscv64\n\n - PCI: Correct pci=resource_alignment parameter example\n (bsc#1051510).\n\n - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092).\n\n - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI\n domain numbers (bsc#1153263).\n\n - PCI: PM: Fix pci_power_up() (bsc#1051510).\n\n - pinctrl: cherryview: restore Strago DMI workaround for\n all versions (bsc#1111666).\n\n - pinctrl: tegra: Fix write barrier placement in\n pmx_writel (bsc#1051510).\n\n - platform/x86: classmate-laptop: remove unused variable\n (bsc#1051510).\n\n - platform/x86: i2c-multi-instantiate: Derive the device\n name from parent (bsc#1111666).\n\n - platform/x86: i2c-multi-instantiate: Fail the probe if\n no IRQ provided (bsc#1111666).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to\n critclk_systems DMI table (bsc#1051510).\n\n - powerpc/64s/pseries: radix flush translations before MMU\n is enabled at boot (bsc#1055186).\n\n - powerpc/64s/radix: keep kernel ERAT over local\n process/guest invalidates (bsc#1055186).\n\n - powerpc/64s/radix: tidy up TLB flushing code\n (bsc#1055186).\n\n - powerpc/64s: Rename PPC_INVALIDATE_ERAT to\n PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186).\n\n - powerpc/mm/book3s64: Move book3s64 code to\n pgtable-book3s64 (bsc#1055186).\n\n - powerpc/mm: mark more tlb functions as __always_inline\n (bsc#1055186).\n\n - powerpc/mm: Properly invalidate when setting process\n table base (bsc#1055186).\n\n - powerpc/mm/radix: mark as __tlbie_pid() and friends\n as__always_inline (bsc#1055186).\n\n - powerpc/mm/radix: mark __radix__flush_tlb_range_psize()\n as __always_inline (bsc#1055186).\n\n - powerpc/pseries/mobility: use cond_resched when updating\n device tree (bsc#1153112 ltc#181778).\n\n - powerpc/pseries: Remove confusing warning message\n (bsc#1109158).\n\n - powerpc/rtas: allow rescheduling while changing cpu\n states (bsc#1153112 ltc#181778).\n\n - powerplay: Respect units on max dcfclk watermark\n (bsc#1111666).\n\n - power: supply: sysfs: ratelimit property read error\n message (bsc#1051510).\n\n - qed: iWARP - Fix default window size to be based on chip\n (bsc#1050536 bsc#1050545).\n\n - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536\n bsc#1050545).\n\n - qed: iWARP - fix uninitialized callback (bsc#1050536\n bsc#1050545).\n\n - qed: iWARP - Use READ_ONCE and smp_store_release to\n access ep->state (bsc#1050536 bsc#1050545).\n\n - qmi_wwan: add support for Cinterion CLS8 devices\n (networking-stable-19_10_05).\n\n - r8152: Set macpassthru in reset_resume callback\n (bsc#1051510).\n\n - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' ->\n 'missing_resp' (bsc#1050244).\n\n - RDMA: Fix goto target to release the allocated memory\n (bsc#1050244).\n\n - rds: Fix warning (bsc#1154848).\n\n - Revert 'drm/amd/display: Fix underscan not using proper\n scaling' (bsc#1111666).\n\n - Revert 'drm/amd/powerplay: Enable/Disable NBPSTATE on\n On/OFF of UVD' (bsc#1111666).\n\n - Revert 'drm/radeon: Fix EEH during kexec' (bsc#1051510).\n\n - rtlwifi: rtl8192cu: Fix value set in descriptor\n (bsc#1142635).\n\n - s390/cmf: set_schib_wait add timeout (bsc#1153509,\n bsc#1153476).\n\n - s390/crypto: fix gcm-aes-s390 selftest failures\n (bsc#1137861 LTC#178091).\n\n - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash\n (networking-stable-19_10_05).\n\n - sch_dsmark: fix potential NULL deref in dsmark_init()\n (networking-stable-19_10_05).\n\n - sch_hhf: ensure quantum and hhf_non_hh_weight are\n non-zero (networking-stable-19_09_15).\n\n - sch_netem: fix a divide by zero in tabledist()\n (networking-stable-19_09_30).\n\n - scsi: lpfc: Check queue pointer before use\n (bsc#1154242).\n\n - scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt\n (bsc#1154521).\n\n - scsi: lpfc: Complete removal of FCoE T10 PI support on\n SLI-4 adapters (bsc#1154521).\n\n - scsi: lpfc: Convert existing %pf users to %ps\n (bsc#1154521).\n\n - scsi: lpfc: Fix coverity errors on NULL pointer checks\n (bsc#1154521).\n\n - scsi: lpfc: Fix device recovery errors after PLOGI\n failures (bsc#1154521).\n\n - scsi: lpfc: Fix devices that do not return after devloss\n followed by rediscovery (bsc#1137040).\n\n - scsi: lpfc: Fix discovery failures when target device\n connectivity bounces (bsc#1154521).\n\n - scsi: lpfc: Fix GPF on scsi command completion\n (bsc#1154521).\n\n - scsi: lpfc: Fix hdwq sgl locks and irq handling\n (bsc#1154521).\n\n - scsi: lpfc: Fix host hang at boot or slow boot\n (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption detected in\n lpfc_put_sgl_per_hdwq (bsc#1154521).\n\n - scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq\n (bsc#1154521).\n\n - scsi: lpfc: Fix locking on mailbox command completion\n (bsc#1154521).\n\n - scsi: lpfc: Fix miss of register read failure check\n (bsc#1154521).\n\n - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo\n via sysfs attribute (bsc#1140845).\n\n - scsi: lpfc: Fix NVMe ABTS in response to receiving an\n ABTS (bsc#1154521).\n\n - scsi: lpfc: Fix NVME io abort failures causing hangs\n (bsc#1154521).\n\n - scsi: lpfc: Fix premature re-enabling of interrupts in\n lpfc_sli_host_down (bsc#1154521).\n\n - scsi: lpfc: Fix propagation of devloss_tmo setting to\n nvme transport (bsc#1140883).\n\n - scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs\n (bsc#1154521).\n\n - scsi: lpfc: Fix rpi release when deleting vport\n (bsc#1154521).\n\n - scsi: lpfc: Fix spinlock_irq issues in\n lpfc_els_flush_cmd() (bsc#1154521).\n\n - scsi: lpfc: Make function lpfc_defer_pt2pt_acc static\n (bsc#1154521).\n\n - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375).\n\n - scsi: lpfc: remove left-over BUILD_NVME defines\n (bsc#1154268).\n\n - scsi: lpfc: Update async event logging (bsc#1154521).\n\n - scsi: lpfc: Update lpfc version to 12.4.0.1\n (bsc#1154521).\n\n - scsi: qedf: fc_rport_priv reference counting fixes\n (bsc#1098291).\n\n - scsi: qedf: Modify abort and tmf handler to handle edge\n condition and flush (bsc#1098291).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS\n passthrough (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop\n event (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Check for MB timeout while capturing\n ISP27/28xx FW dump (bsc#1143706 bsc#1082635\n bsc#1123034).\n\n - scsi: qla2xxx: Dual FCP-NVMe target port support\n (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix N2N link reset (bsc#1143706\n bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706\n bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix stale mem access on driver unload\n (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix unbound sleep in fcport delete path\n (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706\n bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Improve logging for scan thread\n (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Optimize NPIV tear down process\n (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: remove redundant assignment to pointer\n host (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Remove WARN_ON_ONCE in\n qla2x00_status_cont_entry() (bsc#1143706 bsc#1082635\n bsc#1123034).\n\n - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706\n bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Silence fwdump template message\n (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.20-k\n (bsc#1143706 bsc#1082635 bsc#1123034).\n\n - scsi: storvsc: setup 1:1 mapping between hardware queue\n and CPU queue (bsc#1140729).\n\n - sctp: Fix the link time qualifier of\n 'sctp_ctrlsock_exit()' (networking-stable-19_09_15).\n\n - sctp: use transport pf_retrans in\n sctp_do_8_2_transport_strike\n (networking-stable-19_09_15).\n\n - Sign non-x86 kernels when possible (boo#1134303)\n\n - skge: fix checksum byte order\n (networking-stable-19_09_30).\n\n - sock_diag: fix autoloading of the raw_diag module\n (bsc#1152791).\n\n - sock_diag: request _diag module only when the family or\n proto has been registered (bsc#1152791).\n\n - staging: bcm2835-audio: Fix draining behavior regression\n (bsc#1111666).\n\n - staging: vt6655: Fix memory leak in vt6655_probe\n (bsc#1051510).\n\n - staging: wlan-ng: fix exit return when sme->key_idx >=\n NUM_WEPKEYS (bsc#1051510).\n\n - tcp: Do not dequeue SYN/FIN-segments from write-queue\n (git-gixes).\n\n - tcp: fix tcp_ecn_withdraw_cwr() to clear\n TCP_ECN_QUEUE_CWR (networking-stable-19_09_15).\n\n - tcp: inherit timestamp on mtu probe\n (networking-stable-19_09_05).\n\n - tcp: remove empty skb from write queue in error cases\n (networking-stable-19_09_05).\n\n - thermal: Fix use-after-free when unregistering thermal\n zone device (bsc#1051510).\n\n - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510).\n\n - tipc: add NULL pointer check before calling kfree_rcu\n (networking-stable-19_09_15).\n\n - tipc: fix unlimited bundling of small messages\n (networking-stable-19_10_05).\n\n - tracing: Initialize iter->seq after zeroing in\n tracing_read_pipe() (bsc#1151508).\n\n - tun: fix use-after-free when register netdev failed\n (networking-stable-19_09_15).\n\n - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE\n (bsc#1145099).\n\n - Update\n patches.suse/NFSv4-Check-the-return-value-of-update_open\n _stateid.patch (boo#1154189 bsc#1154747).\n\n - usb: adutux: fix NULL-derefs on disconnect\n (bsc#1142635).\n\n - usb: adutux: fix use-after-free on disconnect\n (bsc#1142635).\n\n - usb: adutux: fix use-after-free on release\n (bsc#1051510).\n\n - usb: chaoskey: fix use-after-free on release\n (bsc#1051510).\n\n - usb: dummy-hcd: fix power budget for SuperSpeed mode\n (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free after driver unbind\n (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on disconnect\n (bsc#1051510).\n\n - usb: iowarrior: fix use-after-free on release\n (bsc#1051510).\n\n - usb: ldusb: fix memleak on disconnect (bsc#1051510).\n\n - usb: ldusb: fix NULL-derefs on driver unbind\n (bsc#1051510).\n\n - usb: ldusb: fix read info leaks (bsc#1051510).\n\n - usb: legousbtower: fix a signedness bug in tower_probe()\n (bsc#1051510).\n\n - usb: legousbtower: fix deadlock on disconnect\n (bsc#1142635).\n\n - usb: legousbtower: fix memleak on disconnect\n (bsc#1051510).\n\n - usb: legousbtower: fix open after failed reset request\n (bsc#1142635).\n\n - usb: legousbtower: fix potential NULL-deref on\n disconnect (bsc#1142635).\n\n - usb: legousbtower: fix slab info leak at probe\n (bsc#1142635).\n\n - usb: legousbtower: fix use-after-free on release\n (bsc#1051510).\n\n - usb: microtek: fix info-leak at probe (bsc#1142635).\n\n - usbnet: ignore endpoints with invalid wMaxPacketSize\n (bsc#1051510).\n\n - usbnet: sanity checking of packet sizes and device mtu\n (bsc#1051510).\n\n - usb: serial: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - usb: serial: ftdi_sio: add device IDs for Sienna and\n Echelon PL-20 (bsc#1051510).\n\n - usb: serial: keyspan: fix NULL-derefs on open() and\n write() (bsc#1051510).\n\n - usb: serial: option: add support for Cinterion CLS8\n devices (bsc#1051510).\n\n - usb: serial: option: add Telit FN980 compositions\n (bsc#1051510).\n\n - usb: serial: ti_usb_3410_5052: fix port-close races\n (bsc#1051510).\n\n - usb: udc: lpc32xx: fix bad bit shift operation\n (bsc#1051510).\n\n - usb: usblcd: fix I/O after disconnect (bsc#1142635).\n\n - usb: usblp: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - usb: usblp: fix use-after-free on disconnect\n (bsc#1051510).\n\n - usb: usb-skeleton: fix NULL-deref on disconnect\n (bsc#1051510).\n\n - usb: usb-skeleton: fix runtime PM after driver unbind\n (bsc#1051510).\n\n - usb: usb-skeleton: fix use-after-free after driver\n unbind (bsc#1051510).\n\n - usb: xhci: wait for CNR controller not ready bit in xhci\n resume (bsc#1051510).\n\n - usb: yurex: Do not retry on unexpected errors\n (bsc#1051510).\n\n - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510).\n\n - vfio_pci: Restore original state on release\n (bsc#1051510).\n\n - vhost_net: conditionally enable tx polling\n (bsc#1145099).\n\n - video: of: display_timing: Add of_node_put() in\n of_get_display_timing() (bsc#1051510).\n\n - vsock: Fix a lockdep warning in __vsock_release()\n (networking-stable-19_10_05).\n\n - watchdog: imx2_wdt: fix min() calculation in\n imx2_wdt_set_timeout (bsc#1051510).\n\n - x86/asm: Fix MWAITX C-state hint value (bsc#1114279).\n\n - x86/boot/64: Make level2_kernel_pgt pages invalid\n outside kernel area (bnc#1153969).\n\n - x86/boot/64: Round memory hole size up to next PMD page\n (bnc#1153969).\n\n - x86/mm: Use WRITE_ONCE() when setting PTEs\n (bsc#1114279).\n\n - xen/netback: fix error path of xenvif_connect_data()\n (bsc#1065600).\n\n - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811).\n\n - xhci: Check all endpoints for LPM timeout (bsc#1051510).\n\n - xhci: Fix false warning message about wrong bounce\n buffer write length (bsc#1051510).\n\n - xhci: Increase STS_SAVE timeout in xhci_suspend()\n (bsc#1051510).\n\n - xhci: Prevent device initiated U1/U2 link pm if exit\n latency is too long (bsc#1051510).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1143706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155186\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:45", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nThis updated advisory text mentions the additional non-security changes and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi connectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the 'KNOB attack'. An attacker that is nearby during pairing could use this to weaken the encryption used between the paired devices, and then to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum encryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility could be used to cause integer overflow in page reference counts, leading to a use-after-free. On a system with sufficient physical memory, a local user permitted to create arbitrary FUSE mounts could use this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE filesystems through fusermount, which limits the number of mounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work correctly if more than one device is bound to it. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that USB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the sisusbvga driver could lead to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB devices' maximum packet sizes, which could lead to a heap buffer overrun. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk protocol implementation, which could lead to a use-after-free. The security impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp command failed due to a disk quota. A local user on a system using XFS and disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network transformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace) could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did not correctly handle failure to discover devices beyond a SAS expander. This could lead to a resource leak and crash (BUG). The security impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet driver, which could lead to a NULL pointer dereference and crash (BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate traffic class numbers in received control packets, leading to out-of-bounds memory accesses. A nearby attacker on the same wifi network could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.189-3. This version also includes a fix for Debian bug #930904, and other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9 packages. You will need to use 'apt-get upgrade --with-new-pkgs' or 'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "Debian DLA-1919-2 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-11487", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-9506"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1919.NASL", "href": "https://www.tenable.com/plugins/nessus/128779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1919-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128779);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-0136\", \"CVE-2019-11487\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-15538\", \"CVE-2019-15666\", \"CVE-2019-15807\", \"CVE-2019-15924\", \"CVE-2019-15926\", \"CVE-2019-9506\");\n\n script_name(english:\"Debian DLA-1919-2 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nThis updated advisory text mentions the additional non-security\nchanges and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did\nnot properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi\nconnectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen\ndiscovered a weakness in the Bluetooth pairing protocols, dubbed the\n'KNOB attack'. An attacker that is nearby during pairing could use\nthis to weaken the encryption used between the paired devices, and\nthen to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum\nencryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility\ncould be used to cause integer overflow in page reference counts,\nleading to a use-after-free. On a system with sufficient physical\nmemory, a local user permitted to create arbitrary FUSE mounts could\nuse this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE\nfilesystems through fusermount, which limits the number of\nmounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could\nlead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work\ncorrectly if more than one device is bound to it. An attacker able to\nadd USB devices could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a\nuse-after-free. An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a\nuse-after-free. An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that\nUSB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use\nthis to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the\nsisusbvga driver could lead to a NULL pointer dereference. An attacker\nable to add USB devices could use this to cause a denial of service\n(BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which\ncould lead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB\ndevices' maximum packet sizes, which could lead to a heap buffer\noverrun. An attacker able to add USB devices could use this to cause a\ndenial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk\nprotocol implementation, which could lead to a use-after-free. The\nsecurity impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp\ncommand failed due to a disk quota. A local user on a system using XFS\nand disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network\ntransformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace)\ncould use this to cause a denial of service (memory corruption or\ncrash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did\nnot correctly handle failure to discover devices beyond a SAS\nexpander. This could lead to a resource leak and crash (BUG). The\nsecurity impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet\ndriver, which could lead to a NULL pointer dereference and crash\n(BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate\ntraffic class numbers in received control packets, leading to\nout-of-bounds memory accesses. A nearby attacker on the same wifi\nnetwork could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.189-3. This version also includes a fix for Debian bug #930904,\nand other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9\npackages. You will need to use 'apt-get upgrade --with-new-pkgs' or\n'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.189-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T16:06:25", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).\n\n - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285).\n\n - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).\n\n - CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of Marvell was fixed.\n (bnc#1146512).\n\n - CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of Marvell Wifi Driver was fixed. (bnc#1146514).\n\n - CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver was fixed. (bnc#1146516).\n\n - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to guest to host kernel escape during live migration (bnc#1150112).\n\n - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713).\n\n - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c (bnc#1149713).\n\n - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read (bnc#1146399).\n\n - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378).\n\n - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920).\n\n - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion (bnc#1145922).\n\n - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519).\n\n - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391).\n\n - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550).\n\n - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425).\n\n - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361).\n\n - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547).\n\n - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413).\n\n - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524).\n\n - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526).\n\n - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529).\n\n - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531).\n\n - CVE-2019-15239: In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting.\n Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. (bnc#1146589)\n\n - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver (bnc#1146378 bnc#1146543).\n\n - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678).\n\n - CVE-2019-15538: XFS partially wedges when a chgrp fails on account of being out of disk quota.\n xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093).\n\n - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394).\n\n - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).\n\n - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539).\n\n - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552).\n\n - CVE-2019-15920: An issue was discovered in the Linux kernel SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak (bnc#1149626).\n\n - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602).\n\n - CVE-2019-15924: The fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure (bnc#1149612).\n\n - CVE-2019-15926: Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).\n\n - CVE-2019-15927: An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522).\n\n - CVE-2019-9456: In USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025).\n\nThe following non-security bugs were fixed :\n\n - ACPICA: Increase total number of possible Owner IDs (bsc#1148859).\n\n - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510).\n\n - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333).\n\n - Add new flag on SMB3.1.1 read (bsc#1144333).\n\n - address lock imbalance warnings in smbdirect.c (bsc#1144333).\n\n - Add some missing debug fields in server and tcon structs (bsc#1144333).\n\n - add some missing definitions (bsc#1144333).\n\n - Add some qedf commits to blacklist file (bsc#1149976)\n\n - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333).\n\n - ALSA: firewire: fix a memory leak bug (bsc#1051510).\n\n - ALSA: hda - Add a generic reboot_notify (bsc#1051510).\n\n - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510).\n\n - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510).\n\n - ALSA: hda - Fix a memory leak bug (bsc#1051510).\n\n - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510).\n\n - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510).\n\n - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510).\n\n - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510).\n\n - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510).\n\n - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510).\n\n - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510).\n\n - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510).\n\n - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510).\n\n - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510).\n\n - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510).\n\n - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510).\n\n - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510).\n\n - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510).\n\n - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes).\n\n - bio: fix improper use of smp_mb__before_atomic() (git fixes).\n\n - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661).\n\n - blk-mq: Fix spelling in a source code comment (git fixes).\n\n - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661).\n\n - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).\n\n - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543).\n\n - block, documentation: Fix wbt_lat_usec documentation (git fixes).\n\n - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510).\n\n - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25).\n\n - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25).\n\n - Btrfs: add a helper to retrive extent inline ref type (bsc#1149325).\n\n - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911).\n\n - Btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487).\n\n - Btrfs: add one more sanity check for shared ref type (bsc#1149325).\n\n - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911).\n\n - Btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325).\n\n - Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933).\n\n - Btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562).\n\n - Btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941).\n\n - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911).\n\n - Btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942).\n\n - Btrfs: fix incremental send failure after deduplication (bsc#1145940).\n\n - btrfs: fix pinned underflow after transaction aborted (bsc#1050911).\n\n - Btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059).\n\n - Btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937).\n\n - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911).\n\n - Btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059).\n\n - Btrfs: remove BUG() in add_data_reference (bsc#1149325).\n\n - Btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325).\n\n - Btrfs: remove BUG() in print_extent_item (bsc#1149325).\n\n - Btrfs: remove BUG_ON in __add_tree_block (bsc#1149325).\n\n - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911).\n\n - btrfs: start readahead also in seed devices (bsc#1144886).\n\n - btrfs: track running balance in a simpler way (bsc#1145059).\n\n - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25).\n\n - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510).\n\n - can: mcp251x: add support for mcp25625 (bsc#1051510).\n\n - can: peak_usb: fix potential double kfree_skb() (bsc#1051510).\n\n - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510).\n\n - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510).\n\n - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510).\n\n - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510).\n\n - can: sja1000: force the string buffer NULL-terminated (bsc#1051510).\n\n - carl9170: fix misuse of device driver API (bsc#1142635).\n\n - ceph: always get rstat from auth mds (bsc#1146346).\n\n - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346).\n\n - ceph: decode feature bits in session message (bsc#1146346).\n\n - ceph: do not blindly unregister session that is in opening state (bsc#1148133).\n\n - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133).\n\n - ceph: fix buffer free while holding i_ceph_lock in\n __ceph_build_xattrs_blob() (bsc#1148133).\n\n - ceph: fix buffer free while holding i_ceph_lock in\n __ceph_setxattr() (bsc#1148133).\n\n - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133).\n\n - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219).\n\n - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133).\n\n - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133).\n\n - ceph: remove request from waiting list before unregister (bsc#1148133).\n\n - ceph: silence a checker warning in mdsc_show() (bsc#1148133).\n\n - ceph: support cephfs' own feature bits (bsc#1146346).\n\n - ceph: support getting ceph.dir.pin vxattr (bsc#1146346).\n\n - ceph: support versioned reply (bsc#1146346).\n\n - ceph: use bit flags to define vxattr attributes (bsc#1146346).\n\n - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333).\n\n - cifs: add a new SMB2_close_flags function (bsc#1144333).\n\n - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333).\n\n - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333).\n\n - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333).\n\n - cifs: add compound_send_recv() (bsc#1144333).\n\n - cifs: add credits from unmatched responses/messages (bsc#1144333).\n\n - cifs: add debug output to show nocase mount option (bsc#1144333).\n\n - cifs: Add DFS cache routines (bsc#1144333).\n\n - cifs: Add direct I/O functions to file_operations (bsc#1144333).\n\n - cifs: add fiemap support (bsc#1144333).\n\n - cifs: add iface info to struct cifs_ses (bsc#1144333).\n\n - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333).\n\n - cifs: add lease tracking to the cached root fid (bsc#1144333).\n\n - cifs: Add minor debug message during negprot (bsc#1144333).\n\n - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333).\n\n - cifs: add missing GCM module dependency (bsc#1144333).\n\n - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333).\n\n - cifs: add ONCE flag for cifs_dbg type (bsc#1144333).\n\n - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333).\n\n - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333).\n\n - cifs: address trivial coverity warning (bsc#1144333).\n\n - cifs: add server argument to the dump_detail method (bsc#1144333).\n\n - cifs: add server->vals->header_preamble_size (bsc#1144333).\n\n - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333).\n\n - cifs: add sha512 secmech (bsc#1051510, bsc#1144333).\n\n - cifs: Adds information-level logging function (bsc#1144333).\n\n - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333).\n\n - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333).\n\n - cifs: add SMB2_query_info_[init|free]() (bsc#1144333).\n\n - cifs: Add smb2_send_recv (bsc#1144333).\n\n - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333).\n\n - cifs: add .splice_write (bsc#1144333).\n\n - cifs: Add support for direct I/O read (bsc#1144333).\n\n - cifs: Add support for direct I/O write (bsc#1144333).\n\n - cifs: Add support for direct pages in rdata (bsc#1144333).\n\n - cifs: Add support for direct pages in wdata (bsc#1144333).\n\n - cifs: Add support for failover in cifs_mount() (bsc#1144333).\n\n - cifs: Add support for failover in cifs_reconnect() (bsc#1144333).\n\n - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333).\n\n - cifs: Add support for failover in smb2_reconnect() (bsc#1144333).\n\n - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333).\n\n - cifs: add support for ioctl on directories (bsc#1144333).\n\n - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333).\n\n - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333).\n\n - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333).\n\n - cifs: Adjust MTU credits before reopening a file (bsc#1144333).\n\n - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333).\n\n - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333).\n\n - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333).\n\n - cifs: allow disabling less secure legacy dialects (bsc#1144333).\n\n - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333).\n\n - cifs: always add credits back for unsolicited PDUs (bsc#1144333).\n\n - cifs: Always reset read error to -EIO if no response (bsc#1144333).\n\n - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333).\n\n - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333).\n\n - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333).\n\n - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333).\n\n - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333).\n\n - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333).\n\n - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333).\n\n - cifs: Call MID callback before destroying transport (bsc#1144333).\n\n - cifs: change mkdir to use a compound (bsc#1144333).\n\n - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333).\n\n - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333).\n\n - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333).\n\n - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333).\n\n - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333).\n\n - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333).\n\n - cifs: change unlink to use a compound (bsc#1144333).\n\n - cifs: change validate_buf to validate_iov (bsc#1144333).\n\n - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333).\n\n - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333).\n\n - cifs: Check for reconnects before sending async requests (bsc#1144333).\n\n - cifs: Check for reconnects before sending compound requests (bsc#1144333).\n\n - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333).\n\n - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333).\n\n - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333).\n\n - cifs: check kmalloc before use (bsc#1051510, bsc#1144333).\n\n - cifs: check kzalloc return (bsc#1144333).\n\n - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333).\n\n - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333).\n\n - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333).\n\n - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333).\n\n - cifs: clean up indentation, replace spaces with tab (bsc#1144333).\n\n - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333).\n\n - cifs: complete PDU definitions for interface queries (bsc#1144333).\n\n - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333).\n\n - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333).\n\n - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333).\n\n - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333).\n\n - cifs: create a helper function for compound query_info (bsc#1144333).\n\n - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333).\n\n - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333).\n\n - cifs: Display SMB2 error codes in the hex format (bsc#1144333).\n\n - cifs: document tcon/ses/server refcount dance (bsc#1144333).\n\n - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333).\n\n - cifs: Do not assume one credit for async responses (bsc#1144333).\n\n - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333).\n\n - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333).\n\n - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333).\n\n - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333).\n\n - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333).\n\n - cifs: Do not log credits when unmounting a share (bsc#1144333).\n\n - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333).\n\n - cifs: Do not match port on SMBDirect transport (bsc#1144333).\n\n - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333).\n\n - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333).\n\n - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333).\n\n - cifs: do not return atime less than mtime (bsc#1144333).\n\n - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333).\n\n - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333).\n\n - cifs: do not show domain= in mount output when domain is empty (bsc#1144333).\n\n - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333).\n\n - cifs: do not use __constant_cpu_to_le32() (bsc#1144333).\n\n - cifs: dump every session iface info (bsc#1144333).\n\n - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333).\n\n - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333).\n\n - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333).\n\n - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333).\n\n - cifs: fix a credits leak for compund commands (bsc#1144333).\n\n - cifs: Fix a debug message (bsc#1144333).\n\n - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333).\n\n - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333).\n\n - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333).\n\n - cifs: Fix a race condition with cifs_echo_request (bsc#1144333).\n\n - cifs: Fix a tiny potential memory leak (bsc#1144333).\n\n - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333).\n\n - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333).\n\n - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333).\n\n - cifs: fix build errors for SMB_DIRECT (bsc#1144333).\n\n - cifs: Fix check for matching with existing mount (bsc#1144333).\n\n - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333).\n\n - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333).\n\n - cifs: fix confusing warning message on reconnect (bsc#1144333).\n\n - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333).\n\n - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333).\n\n - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333).\n\n - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333).\n\n - cifs: Fix credit calculations in compound mid callback (bsc#1144333).\n\n - cifs: Fix credit computation for compounded requests (bsc#1144333).\n\n - cifs: Fix credits calculation for cancelled requests (bsc#1144333).\n\n - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333).\n\n - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333).\n\n - cifs: fix deadlock in cached root handling (bsc#1144333).\n\n - cifs: Fix DFS cache refresher for DFS links (bsc#1144333).\n\n - cifs: fix encryption in SMB3.1.1 (bsc#1144333).\n\n - cifs: Fix encryption/signing (bsc#1144333).\n\n - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333).\n\n - cifs: Fix error paths in writeback code (bsc#1144333).\n\n - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333).\n\n - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333).\n\n - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333).\n\n - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333).\n\n - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333).\n\n - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333).\n\n - cifs: fix kref underflow in close_shroot() (bsc#1144333).\n\n - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333).\n\n - cifs: Fix lease buffer length error (bsc#1144333).\n\n - cifs: fix memory leak and remove dead code (bsc#1144333).\n\n - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333).\n\n - cifs: fix memory leak in SMB2_read (bsc#1144333).\n\n - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333).\n\n - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333).\n\n - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333).\n\n - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333).\n\n - cifs: Fix module dependency (bsc#1144333).\n\n - cifs: Fix mounts if the client is low on credits (bsc#1144333).\n\n - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333).\n\n - cifs: Fix NULL pointer dereference of devname (bnc#1129519).\n\n - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333).\n\n - cifs: Fix NULL ptr deref (bsc#1144333).\n\n - cifs: fix page reference leak with readv/writev (bsc#1144333).\n\n - cifs: fix panic in smb2_reconnect (bsc#1144333).\n\n - cifs: fix parsing of symbolic link error response (bsc#1144333).\n\n - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333).\n\n - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333).\n\n - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333).\n\n - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333).\n\n - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333).\n\n - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333).\n\n - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333).\n\n - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333).\n\n - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333).\n\n - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333).\n\n - cifs: Fix signing for SMB2/3 (bsc#1144333).\n\n - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333).\n\n - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333).\n\n - cifs: fix SMB1 breakage (bsc#1144333).\n\n - cifs: fix smb3_zero_range for Azure (bsc#1144333).\n\n - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333).\n\n - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333).\n\n - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333).\n\n - cifs: Fix stack out-of-bounds in smb(2,3)_create_lease_buf() (bsc#1051510, bsc#1144333).\n\n - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333).\n\n - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333).\n\n - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333).\n\n - cifs: fix typo in cifs_dbg (bsc#1144333).\n\n - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333).\n\n - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333).\n\n - cifs: Fix use-after-free in SMB2_read (bsc#1144333).\n\n - cifs: Fix use-after-free in SMB2_write (bsc#1144333).\n\n - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333).\n\n - cifs: fix use-after-free of the lease keys (bsc#1144333).\n\n - cifs: Fix validation of signed data in smb2 (bsc#1144333).\n\n - cifs: Fix validation of signed data in smb3+ (bsc#1144333).\n\n - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333).\n\n - cifs: flush before set-info if we have writeable handles (bsc#1144333).\n\n - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333).\n\n - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333).\n\n - cifs: handle netapp error codes (bsc#1136261).\n\n - cifs: hide unused functions (bsc#1051510, bsc#1144333).\n\n - cifs: hide unused functions (bsc#1051510, bsc#1144333).\n\n - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333).\n\n - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333).\n\n - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333).\n\n - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333).\n\n - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333).\n\n - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333).\n\n - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333).\n\n - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333).\n\n - cifs: Limit memory used by lock request calls to a page (bsc#1144333).\n\n - cifs_lookup(): cifs_get_inode_...() never returns 0 with\n *inode left NULL (bsc#1144333).\n\n - cifs_lookup(): switch to d_splice_alias() (bsc#1144333).\n\n - cifs: make arrays static const, reduces object code size (bsc#1144333).\n\n - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333).\n\n - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333).\n\n - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333).\n\n - cifs: make mknod() an smb_version_op (bsc#1144333).\n\n - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333).\n\n - cifs: make rmdir() use compounding (bsc#1144333).\n\n - cifs: make smb_send_rqst take an array of requests (bsc#1144333).\n\n - cifs: Make sure all data pages are signed correctly (bsc#1144333).\n\n - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333).\n\n - cifs: Mask off signals when sending SMB packets (bsc#1144333).\n\n - cifs: minor clarification in comments (bsc#1144333).\n\n - cifs: Minor Kconfig clarification (bsc#1144333).\n\n - cifs: minor updates to module description for cifs.ko (bsc#1144333).\n\n - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333).\n\n - cifs: move default port definitions to cifsglob.h (bsc#1144333).\n\n - cifs: move large array from stack to heap (bsc#1144333).\n\n - cifs: Move open file handling to writepages (bsc#1144333).\n\n - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333).\n\n - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333).\n\n - cifs: Only free DFS target list if we actually got one (bsc#1144333).\n\n - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333).\n\n - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333).\n\n - cifs: parse and store info on iface queries (bsc#1144333).\n\n - cifs: pass flags down into wait_for_free_credits() (bsc#1144333).\n\n - cifs: Pass page offset for calculating signature (bsc#1144333).\n\n - cifs: Pass page offset for encrypting (bsc#1144333).\n\n - cifs: pass page offsets on SMB1 read/write (bsc#1144333).\n\n - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333).\n\n - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333).\n\n - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333).\n\n - cifs: Print message when attempting a mount (bsc#1144333).\n\n - cifs: Properly handle auto disabling of serverino option (bsc#1144333).\n\n - cifs: protect against server returning invalid file system block size (bsc#1144333).\n\n - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).\n\n - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333).\n\n - cifs: push rfc1002 generation down the stack (bsc#1144333).\n\n - cifs: read overflow in is_valid_oplock_break() (bsc#1144333).\n\n - cifs: Reconnect expired SMB sessions (bnc#1060662).\n\n - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333).\n\n - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333).\n\n - cifs: Refactor out cifs_mount() (bsc#1144333).\n\n - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333).\n\n - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333).\n\n - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333).\n\n - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333).\n\n - cifs: remove header_preamble_size where it is always 0 (bsc#1144333).\n\n - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333).\n\n - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333).\n\n - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333).\n\n - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333).\n\n - cifs: remove set but not used variable 'sep' (bsc#1144333).\n\n - cifs: remove set but not used variable 'server' (bsc#1144333).\n\n - cifs: remove set but not used variable 'smb_buf' (bsc#1144333).\n\n - cifs: remove small_smb2_init (bsc#1144333).\n\n - cifs: remove smb2_send_recv() (bsc#1144333).\n\n - cifs: remove struct smb2_hdr (bsc#1144333).\n\n - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333).\n\n - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333).\n\n - cifs: remove unused stats (bsc#1144333).\n\n - cifs: remove unused value pointed out by Coverity (bsc#1144333).\n\n - cifs: remove unused variable from SMB2_read (bsc#1144333).\n\n - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333).\n\n - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333).\n\n - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333).\n\n - cifs: replace snprintf with scnprintf (bsc#1144333).\n\n - cifs: Respect reconnect in MTU credits calculations (bsc#1144333).\n\n - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333).\n\n - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333).\n\n - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333).\n\n - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333).\n\n - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333).\n\n - cifs: Return error code when getting file handle for writeback (bsc#1144333).\n\n - cifs: return error on invalid value written to cifsFYI (bsc#1144333).\n\n - cifs: Save TTL value when parsing DFS referrals (bsc#1144333).\n\n - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333).\n\n - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333).\n\n - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333).\n\n - cifs: Set reconnect instance to one initially (bsc#1144333).\n\n - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333).\n\n - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333).\n\n - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333).\n\n - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333).\n\n - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333).\n\n - cifs: Silence uninitialized variable warning (bsc#1144333).\n\n - cifs: simple stats should always be enabled (bsc#1144333).\n\n - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files.\n\n - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333).\n\n - cifs: Skip any trailing backslashes from UNC (bsc#1144333).\n\n - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333).\n\n - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333).\n\n - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333).\n\n - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333).\n\n - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333).\n\n - cifs: SMBD: Add rdma mount option (bsc#1144333).\n\n - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333).\n\n - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333).\n\n - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333).\n\n - cifs: smbd: avoid reconnect lockup (bsc#1144333).\n\n - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333).\n\n - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333).\n\n - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333).\n\n - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333).\n\n - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333).\n\n - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333).\n\n - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333).\n\n - cifs: smbd: Dump SMB packet when configured (bsc#1144333).\n\n - cifs: smbd: Enable signing with smbdirect (bsc#1144333).\n\n - cifs: SMBD: Establish SMB Direct connection (bsc#1144333).\n\n - cifs: SMBD: export protocol initial values (bsc#1144333).\n\n - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333).\n\n - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333).\n\n - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333).\n\n - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333).\n\n - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333).\n\n - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333).\n\n - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333).\n\n - cifs: SMBD: Implement RDMA memory registration (bsc#1144333).\n\n - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333).\n\n - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333).\n\n - cifs: smbd: Retry on memory registration failure (bsc#1144333).\n\n - cifs: smbd: Return EINTR when interrupted (bsc#1144333).\n\n - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333).\n\n - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333).\n\n - cifs: SMBD: Support page offset in memory registration (bsc#1144333).\n\n - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333).\n\n - cifs: SMBD: Support page offset in RDMA send (bsc#1144333).\n\n - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333).\n\n - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333).\n\n - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333).\n\n - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333).\n\n - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333).\n\n - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333).\n\n - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333).\n\n - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333).\n\n - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333).\n\n - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333).\n\n - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333).\n\n - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333).\n\n - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333).\n\n - cifs: suppress some implicit-fallthrough warnings (bsc#1144333).\n\n - cifs: track writepages in vfs operation counters (bsc#1144333).\n\n - cifs: Try to acquire credits at once for compound requests (bsc#1144333).\n\n - cifs: update calc_size to take a server argument (bsc#1144333).\n\n - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333).\n\n - cifs: update internal module number (bsc#1144333).\n\n - cifs: update internal module version number (bsc#1144333).\n\n - cifs: update internal module version number (bsc#1144333).\n\n - cifs: update internal module version number (bsc#1144333).\n\n - cifs: update internal module version number (bsc#1144333).\n\n - cifs: update internal module version number (bsc#1144333).\n\n - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).\n\n - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333).\n\n - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333).\n\n - cifs: update module internal version number (bsc#1144333).\n\n - cifs: update multiplex loop to handle compounded responses (bsc#1144333).\n\n - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333).\n\n - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333).\n\n - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333).\n\n - cifs: update smb2_queryfs() to use compounding (bsc#1144333).\n\n - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333).\n\n - cifs: use a compound for setting an xattr (bsc#1144333).\n\n - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333).\n\n - cifs: use correct format characters (bsc#1144333).\n\n - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333).\n\n - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333).\n\n - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333).\n\n - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333).\n\n - cifs: Use kzfree() to free password (bsc#1144333).\n\n - cifs: Use offset when reading pages (bsc#1144333).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333).\n\n - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333).\n\n - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333).\n\n - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333).\n\n - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333).\n\n - cifs: we can not use small padding iovs together with encryption (bsc#1144333).\n\n - cifs: When sending data on socket, pass the correct page offset (bsc#1144333).\n\n - cifs: zero-range does not require the file is sparse (bsc#1144333).\n\n - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333).\n\n - Cleanup some minor endian issues in smb3 rdma (bsc#1144333).\n\n - clk: add clk_bulk_get accessories (bsc#1144813).\n\n - clk: bcm2835: remove pllb (jsc#SLE-7294).\n\n - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294).\n\n - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813).\n\n - clk: Export clk_bulk_prepare() (bsc#1144813).\n\n - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294).\n\n - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510).\n\n - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813).\n\n - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813).\n\n - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510).\n\n - coredump: split pipe command whitespace before expanding template (bsc#1051510).\n\n - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294).\n\n - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294).\n\n - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279).\n\n - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510).\n\n - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510).\n\n - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510).\n\n - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934).\n\n - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510).\n\n - cx82310_eth: fix a memory leak bug (bsc#1051510).\n\n - devres: always use dev_name() in devm_ioremap_resource() (git fixes).\n\n - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333).\n\n - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510).\n\n - dm btree: fix order of block initialization in btree_split_beneath (git fixes).\n\n - dm bufio: fix deadlock with loop device (git fixes).\n\n - dm cache metadata: Fix loading discard bitset (git fixes).\n\n - dm crypt: do not overallocate the integrity tag space (git fixes).\n\n - dm crypt: fix parsing of extended IV arguments (git fixes).\n\n - dm delay: fix a crash when invalid device is specified (git fixes).\n\n - dm: fix to_sector() for 32bit (git fixes).\n\n - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes).\n\n - dm integrity: limit the rate of error messages (git fixes).\n\n - dm kcopyd: always complete failed jobs (git fixes).\n\n - dm log writes: make sure super sector log updates are written in order (git fixes).\n\n - dm raid: add missing cleanup in raid_ctr() (git fixes).\n\n - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes).\n\n - dm space map metadata: fix missing store of apply_bops() return value (git fixes).\n\n - dm table: fix invalid memory accesses with too high sector number (git fixes).\n\n - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes).\n\n - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes).\n\n - dm thin: fix passdown_double_checking_shared_status() (git fixes).\n\n - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes).\n\n - dm zoned: Fix zone report handling (git fixes).\n\n - dm zoned: fix zone state management race (git fixes).\n\n - dm zoned: improve error handling in i/o map code (git fixes).\n\n - dm zoned: improve error handling in reclaim (git fixes).\n\n - dm zoned: properly handle backing device failure (git fixes).\n\n - dm zoned: Silence a static checker warning (git fixes).\n\n - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333).\n\n - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333).\n\n - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510).\n\n - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642)\n\n - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642)\n\n - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635)\n\n - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635)\n\n - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635)\n\n - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635)\n\n - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510).\n\n - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642)\n\n - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642)\n\n - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642)\n\n - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642)\n\n - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642)\n\n - drm/mediatek: fix unbind functions (bsc#1135642)\n\n - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635)\n\n - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642)\n\n - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635)\n\n - drm: msm: Fix add_gpu_components (bsc#1051510).\n\n - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635)\n\n - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635)\n\n - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510).\n\n - drm/rockchip: Suspend DP late (bsc#1142635)\n\n - drm: silence variable 'conn' set but not used (bsc#1051510).\n\n - drm/udl: introduce a macro to convert dev to udl.\n (bsc#1113722)\n\n - drm/udl: move to embedding drm device inside udl device.\n (bsc#1113722)\n\n - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642)\n\n - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510).\n\n - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642)\n\n - Drop an ASoC fix that was reverted in 4.14.y stable\n\n - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510).\n\n - ext4: use jbd2_inode dirty range scoping (bsc#1148616).\n\n - firmware: raspberrypi: register clk device (jsc#SLE-7294).\n\n - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333).\n\n - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333).\n\n - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333).\n\n - Fix kABI after KVM fixes\n\n - Fix match_server check to allow for auto dialect negotiate (bsc#1144333).\n\n - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333).\n\n - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333).\n\n - fix struct ufs_req removal of unused field (git-fixes).\n\n - Fix warning messages when mounting to older servers (bsc#1144333).\n\n - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333).\n\n - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333).\n\n - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333).\n\n - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333).\n\n - fs/cifs: fix uninitialised variable warnings (bsc#1144333).\n\n - fs: cifs: Kconfig: pedantic formatting (bsc#1144333).\n\n - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333).\n\n - fs/cifs: require sha512 (bsc#1051510, bsc#1144333).\n\n - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333).\n\n - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333).\n\n - fs/cifs: suppress a string overflow warning (bsc#1144333).\n\n - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333).\n\n - fsl/fman: Use GFP_ATOMIC in (memac,tgec)_add_hash_mac_address() (bsc#1051510).\n\n - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031).\n\n - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033).\n\n - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418).\n\n - ftrace: Check for successful allocation of hash (bsc#1149424).\n\n - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413).\n\n - gpio: Fix build error of function redefinition (bsc#1051510).\n\n - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510).\n\n - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510).\n\n - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510).\n\n - gpio: mxs: Get rid of external API call (bsc#1051510).\n\n - gpio: pxa: handle corner case of unprobed device (bsc#1051510).\n\n - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635)\n\n - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510).\n\n - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510).\n\n - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510).\n\n - HID: hiddev: avoid opening a disconnected device (bsc#1051510).\n\n - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510).\n\n - HID: holtek: test for sanity of intfdata (bsc#1051510).\n\n - HID: sony: Fix race condition between rumble and device remove (bsc#1051510).\n\n - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635).\n\n - HID: wacom: correct misreported EKR ring values (bsc#1142635).\n\n - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510).\n\n - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510).\n\n - i2c: emev2: avoid race when unregistering slave client (bsc#1051510).\n\n - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510).\n\n - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510).\n\n - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678).\n\n - ibmveth: Convert multicast list size for little-endian system (bsc#1061843).\n\n - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635).\n\n - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726).\n\n - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25).\n\n - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510).\n\n - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510).\n\n - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333).\n\n - include/linux/bitops.h: sanitize rotate primitives (git fixes).\n\n - Input: iforce - add sanity checks (bsc#1051510).\n\n - Input: kbtab - sanity check for endpoint type (bsc#1051510).\n\n - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510).\n\n - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510).\n\n - intel_th: pci: Add Tiger Lake support (bsc#1051510).\n\n - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010).\n\n - iommu/amd: Fix race in increase_address_space() (bsc#1150860).\n\n - iommu/amd: Flush old domains in kdump kernel (bsc#1150861).\n\n - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105).\n\n - iommu/dma: Handle SG length overflow better (bsc#1146084).\n\n - ipip: validate header length in ipip_tunnel_xmit (git-fixes).\n\n - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25).\n\n - irqchip/gic-v3-its: fix build warnings (bsc#1144880).\n\n - ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510).\n\n - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510).\n\n - isdn: mISDN: hfcsusb: Fix possible NULL pointer dereferences in start_isoc_chain() (bsc#1051510).\n\n - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086).\n\n - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510).\n\n - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902).\n\n - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING\n\n - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635).\n\n - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510).\n\n - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635).\n\n - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635).\n\n - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635).\n\n - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843).\n\n - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616).\n\n - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010).\n\n - kasan: remove redundant initialization of variable 'real_size' (git fixes).\n\n - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510).\n\n - keys: Fix missing NULL pointer check in request_key_auth_describe() (bsc#1051510).\n\n - KVM: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388).\n\n - KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408).\n\n - KVM: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389).\n\n - KVM: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390).\n\n - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391).\n\n - KVM: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392).\n\n - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840).\n\n - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393).\n\n - KVM: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394).\n\n - KVM: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395).\n\n - KVM: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409).\n\n - KVM: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104).\n\n - KVM: x86: fix backward migration with async_PF (bsc#1146074).\n\n - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882).\n\n - KVM: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083).\n\n - KVM: x86: Unconditionally enable irqs in guest context (bsc#1145396).\n\n - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397).\n\n - lan78xx: Fix memory leaks (bsc#1051510).\n\n - libata: add SG safety checks in SFF pio transfers (bsc#1051510).\n\n - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510).\n\n - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133).\n\n - libceph: fix PG split vs OSD (re)connect race (bsc#1148133).\n\n - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720).\n\n - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510).\n\n - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes).\n\n - mac80211: do not warn about CW params when not using them (bsc#1051510).\n\n - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510).\n\n - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635).\n\n - mac80211: fix possible sta leak (bsc#1051510).\n\n - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes).\n\n - md/raid: raid5 preserve the writeback action after the parity check (git fixes).\n\n - media: au0828: fix null dereference in error path (bsc#1051510).\n\n - media: pvrusb2: use a different format for warnings (bsc#1051510).\n\n - mfd: arizona: Fix undefined behavior (bsc#1051510).\n\n - mfd: core: Set fwnode for created devices (bsc#1051510).\n\n - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510).\n\n - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875).\n\n - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616).\n\n - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510).\n\n - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510).\n\n - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510).\n\n - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510).\n\n - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510).\n\n - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875).\n\n - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875).\n\n - mm: do not stall register_shrinker() (bsc#1104902, VM Performance).\n\n - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality).\n\n - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality).\n\n - mm/list_lru.c: fix memory leak in\n __memcg_init_list_lru_node (bsc#1148379, VM Functionality).\n\n - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality).\n\n - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality).\n\n - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality).\n\n - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality).\n\n - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality).\n\n - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality).\n\n - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality).\n\n - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality).\n\n - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689).\n\n - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality).\n\n - move a few externs to smbdirect.h to eliminate warning (bsc#1144333).\n\n - mpls: fix warning with multi-label encap (bsc#1051510).\n\n - nbd: replace kill_bdev() with __invalidate_device() again (git fixes).\n\n - Negotiate and save preferred compression algorithms (bsc#1144333).\n\n - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25).\n\n - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25).\n\n - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25).\n\n - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25).\n\n - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25).\n\n - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021).\n\n - net: ena: add good checksum counter (bsc#1139020 bsc#1139021).\n\n - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021).\n\n - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021).\n\n - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021).\n\n - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021).\n\n - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021).\n\n - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021).\n\n - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021).\n\n - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021).\n\n - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021).\n\n - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021).\n\n - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021).\n\n - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021).\n\n - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021).\n\n - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021).\n\n - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021).\n\n - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021).\n\n - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021).\n\n - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021).\n\n - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021).\n\n - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021).\n\n - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021).\n\n - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021).\n\n - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021).\n\n - net: Fix netdev_WARN_ONCE macro (git-fixes).\n\n - net/ibmvnic: Fix missing ( in __ibmvnic_reset (bsc#1149652 ltc#179635).\n\n - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635).\n\n - net: Introduce netdev_*_once functions (networking-stable-19_07_25).\n\n - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25).\n\n - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678).\n\n - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25).\n\n - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25).\n\n - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25).\n\n - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25).\n\n - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25).\n\n - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25).\n\n - net: sched: verify that q!=NULL before setting q->flags (git-fixes).\n\n - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510).\n\n - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291).\n\n - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291).\n\n - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012).\n\n - NFS: make nfs_match_client killable (bsc#1134291).\n\n - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes).\n\n - nvme: cancel request synchronously (bsc#1145661).\n\n - nvme: change locking for the per-subsystem controller list (bsc#1142541).\n\n - nvme-core: Fix extra device_put() call on error path (bsc#1142541).\n\n - nvme-fc: fix module unloads while lports still pending (bsc#1150033).\n\n - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938).\n\n - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554).\n\n - nvme-multipath: relax ANA state check (bsc#1123105).\n\n - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876).\n\n - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076).\n\n - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302).\n\n - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300).\n\n - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510).\n\n - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106).\n\n - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841).\n\n - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510).\n\n - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510).\n\n - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813).\n\n - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294).\n\n - powerpc/64s: Include cpu header (bsc#1065729).\n\n - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107).\n\n - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764).\n\n - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes).\n\n - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958).\n\n - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937).\n\n - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937).\n\n - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937).\n\n - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376).\n\n - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352).\n\n - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107).\n\n - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107).\n\n - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729).\n\n - powerpc/mm: Handle page table allocation failures (bsc#1065729).\n\n - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686).\n\n - powerpc/perf: Add mem access events to sysfs (bsc#1124370).\n\n - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686).\n\n - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686).\n\n - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686).\n\n - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686).\n\n - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958).\n\n - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729).\n\n - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes).\n\n - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958).\n\n - powerpc/pseries: add missing cpumask.h include file (bsc#1065729).\n\n - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925).\n\n - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958).\n\n - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840).\n\n - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107).\n\n - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019).\n\n - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762).\n\n - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019).\n\n - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019).\n\n - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510).\n\n - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510).\n\n - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333).\n\n - Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510).\n\n - Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510).\n\n - Revert 'dm bufio: fix deadlock with loop device' (git fixes).\n\n - Revert i915 userptr page lock patch (bsc#1145051) \n\n - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021).\n\n - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thun dering-herd-is.patch (bsc#1141543) \n\n - rpm/kernel-binary.spec.in: Enable missing modules check.\n\n - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510).\n\n - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510).\n\n - rpmsg: smd: fix memory leak on channel create (bsc#1051510).\n\n - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510).\n\n - rslib: Fix decoding of shortened codes (bsc#1051510).\n\n - rslib: Fix handling of of caller provided syndrome (bsc#1051510).\n\n - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510).\n\n - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25).\n\n - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339).\n\n - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907).\n\n - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339).\n\n - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339).\n\n - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339).\n\n - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339).\n\n - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339).\n\n - samples, bpf: fix to change the buffer size for read() (bsc#1051510).\n\n - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510).\n\n - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920).\n\n - sched/fair: Use RCU accessors consistently for\n ->numa_group (bsc#1144920).\n\n - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510).\n\n - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510).\n\n - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510).\n\n - scripts/gdb: fix lx-version string output (bsc#1051510).\n\n - scripts/git_sort/git_sort.py :\n\n - scsi: aacraid: Fix missing break in switch statement (git-fixes).\n\n - scsi: aacraid: Fix performance issue on logical drives (git-fixes).\n\n - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes).\n\n - scsi: aic94xx: fix module loading (git-fixes).\n\n - scsi: bfa: convert to strlcpy/strlcat (git-fixes).\n\n - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes).\n\n - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes).\n\n - scsi: core: Fix race on creating sense cache (git-fixes).\n\n - scsi: core: set result when the command cannot be dispatched (git-fixes).\n\n - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes).\n\n - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868).\n\n - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes).\n\n - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes.\n\n - scsi: fas216: fix sense buffer initialization (git-fixes).\n\n - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes).\n\n - scsi: libfc: fix NULL pointer dereference on a null lport (git-fixes).\n\n - scsi: libsas: delete sas port if expander discover failed (git-fixes).\n\n - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes).\n\n - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes).\n\n - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes).\n\n - scsi: megaraid: fix out-of-bound array accesses (git-fixes).\n\n - scsi: megaraid_sas: Fix calculation of target ID (git-fixes).\n\n - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes).\n\n - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976).\n\n - scsi: qedf: Add shutdown callback handler (bsc#1149976).\n\n - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976).\n\n - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976).\n\n - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976).\n\n - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976).\n\n - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976).\n\n - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976).\n\n - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976).\n\n - scsi: qedf: Print message during bailout conditions (bsc#1149976).\n\n - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes).\n\n - scsi: qedf: remove set but not used variables (bsc#1149976).\n\n - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976).\n\n - scsi: qedf: Update module description string (bsc#1149976).\n\n - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976).\n\n - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976).\n\n - scsi: qedf: Use discovery list to traverse rports (bsc#1149976).\n\n - scsi: qedi: remove declaration of nvm_image from stack (git-fixes).\n\n - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424).\n\n - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes).\n\n - scsi: qla2xxx: Fix a format specifier (git-fixes).\n\n - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes).\n\n - scsi: qla2xxx: Fix device staying in blocked state (git-fixes).\n\n - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes).\n\n - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes).\n\n - scsi: qla2xxx: Update two source code comments (git-fixes).\n\n - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes).\n\n - scsi: raid_attrs: fix unused variable warning (git-fixes).\n\n - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes).\n\n - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes).\n\n - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes).\n\n - scsi: sd: Fix cache_type_store() (git-fixes).\n\n - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes).\n\n - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes).\n\n - scsi: sd: use mempool for discard special page (git-fixes).\n\n - scsi: sd_zbc: Fix potential memory leak (git-fixes).\n\n - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes).\n\n - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes).\n\n - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes).\n\n - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes).\n\n - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes).\n\n - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes).\n\n - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes).\n\n - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes).\n\n - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes).\n\n - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333).\n\n - sis900: fix TX completion (bsc#1051510).\n\n - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333).\n\n - smb2: fix typo in definition of a few error flags (bsc#1144333).\n\n - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333).\n\n - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333).\n\n - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333).\n\n - smb311: Fix reconnect (bsc#1051510, bsc#1144333).\n\n - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333).\n\n - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333).\n\n - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333).\n\n - smb3: add credits we receive from oplock/break PDUs (bsc#1144333).\n\n - smb3: add debug for unexpected mid cancellation (bsc#1144333).\n\n - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333).\n\n - smb3: add define for id for posix create context and corresponding struct (bsc#1144333).\n\n - smb3: Add defines for new negotiate contexts (bsc#1144333).\n\n - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333).\n\n - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333).\n\n - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333).\n\n - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333).\n\n - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333).\n\n - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333).\n\n - smb3: Add handling for different FSCTL access flags (bsc#1144333).\n\n - smb3: add missing read completion trace point (bsc#1144333).\n\n - smb3: add module alias for smb3 to cifs.ko (bsc#1144333).\n\n - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333).\n\n - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333).\n\n - smb3: Add protocol structs for change notify support (bsc#1144333).\n\n - smb3: add reconnect tracepoints (bsc#1144333).\n\n - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333).\n\n - smb3: add smb3.1.1 to default dialect list (bsc#1144333).\n\n - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333).\n\n - smb3: add support for posix negotiate context (bsc#1144333).\n\n - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333).\n\n - smb3: add tracepoint for sending lease break responses to server (bsc#1144333).\n\n - smb3: add tracepoint for session expired or deleted (bsc#1144333).\n\n - smb3: add tracepoint for slow responses (bsc#1144333).\n\n - smb3: add trace point for tree connection (bsc#1144333).\n\n - smb3: add tracepoints for query dir (bsc#1144333).\n\n - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333).\n\n - smb3: add tracepoints for smb2/smb3 open (bsc#1144333).\n\n - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333).\n\n - smb3: add way to control slow response threshold for logging and stats (bsc#1144333).\n\n - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333).\n\n - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333).\n\n - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333).\n\n - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333).\n\n - smb3: Allow query of symlinks stored as reparse points (bsc#1144333).\n\n - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333).\n\n - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333).\n\n - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333).\n\n - smb3: Backup intent flag missing from compounded ops (bsc#1144333).\n\n - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333).\n\n - smb3 clean up debug output displaying network interfaces (bsc#1144333).\n\n - smb3: Cleanup license mess (bsc#1144333).\n\n - smb3: Clean up query symlink when reparse point (bsc#1144333).\n\n - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333).\n\n - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333).\n\n - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333).\n\n - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333).\n\n - smb3: display session id in debug data (bsc#1144333).\n\n - smb3: display stats counters for number of slow commands (bsc#1144333).\n\n - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333).\n\n - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333).\n\n - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333).\n\n - smb3: do not display confusing message on mount to Azure servers (bsc#1144333).\n\n - smb3: do not display empty interface list (bsc#1144333).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333).\n\n - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333).\n\n - smb3: do not send compression info by default (bsc#1144333).\n\n - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333).\n\n - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333).\n\n - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333).\n\n - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333).\n\n - smb3: fix bytes_read statistics (bsc#1144333).\n\n - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333).\n\n - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333).\n\n - smb3: Fix endian warning (bsc#1144333, bsc#1137884).\n\n - smb3: Fix enumerating snapshots to Azure (bsc#1144333).\n\n - smb3: fix large reads on encrypted connections (bsc#1144333).\n\n - smb3: fix lease break problem introduced by compounding (bsc#1144333).\n\n - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333).\n\n - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333).\n\n - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333).\n\n - smb3: Fix potential memory leak when processing compound chain (bsc#1144333).\n\n - smb3: fix redundant opens on root (bsc#1144333).\n\n - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333).\n\n - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333).\n\n - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333).\n\n - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333).\n\n - smb3: fix various xid leaks (bsc#1051510, bsc#1144333).\n\n - smb3: for kerberos mounts display the credential uid used (bsc#1144333).\n\n - smb3: handle new statx fields (bsc#1085536, bsc#1144333).\n\n - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333).\n\n - smb3: if server does not support posix do not allow posix mount option (bsc#1144333).\n\n - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333).\n\n - smb3: increase initial number of credits requested to allow write (bsc#1144333).\n\n - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333).\n\n - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333).\n\n - smb3: make default i/o size for smb3 mounts larger (bsc#1144333).\n\n - smb3: minor cleanup of compound_send_recv (bsc#1144333).\n\n - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333).\n\n - smb3: minor missing defines relating to reparse points (bsc#1144333).\n\n - smb3: missing defines and structs for reparse point handling (bsc#1144333).\n\n - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333).\n\n - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333).\n\n - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333).\n\n - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333).\n\n - smb3: optimize open to not send query file internal info (bsc#1144333).\n\n - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333).\n\n - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333).\n\n - smb3: query inode number on open via create context (bsc#1144333).\n\n - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333).\n\n - smb3: remove per-session operations from per-tree connection stats (bsc#1144333).\n\n - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333).\n\n - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333).\n\n - smb3: request more credits on tree connect (bsc#1144333).\n\n - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333).\n\n - smb3: send backup intent on compounded query info (bsc#1144333).\n\n - smb3: send CAP_DFS capability during session setup (bsc#1144333).\n\n - smb3: Send netname context during negotiate protocol (bsc#1144333).\n\n - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333).\n\n - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333).\n\n - smb3: smbdirect no longer experimental (bsc#1144333).\n\n - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333).\n\n - smb3: track the instance of each session for debugging (bsc#1144333).\n\n - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333).\n\n - smb3: trivial cleanup to smb2ops.c (bsc#1144333).\n\n - smb3: update comment to clarify enumerating snapshots (bsc#1144333).\n\n - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333).\n\n - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333).\n\n - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333).\n\n - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333).\n\n - smbd: Make upper layer decide when to destroy the transport (bsc#1144333).\n\n - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333).\n\n - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333).\n\n - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333).\n\n - smpboot: Place the __percpu annotation correctly (git fixes).\n\n - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813).\n\n - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813).\n\n - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813).\n\n - sound: fix a memory leak bug (bsc#1051510).\n\n - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510).\n\n - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510).\n\n - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510).\n\n - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510).\n\n - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510).\n\n - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510).\n\n - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510).\n\n - supported.conf: Add missing modules (bsc#1066369).\n\n - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25).\n\n - test_firmware: fix a memory leak bug (bsc#1051510).\n\n - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555).\n\n - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555).\n\n - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555).\n\n - tpm: Unify the send callback behaviour (bsc#1082555).\n\n - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555).\n\n - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333).\n\n - treewide: Replace GPLv2 boilerplate/reference with SPDX\n - rule 231 (bsc#1144333).\n\n - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617).\n\n - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y\n\n - Update config files. - cifs: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333).\n\n - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333).\n\n - Update config files. - cifs: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333).\n\n - update internal version number for cifs.ko (bsc#1144333).\n\n - Update patches.fixes/MD-fix-invalid-stored-role-for-a-disk-try2 .patch (bsc#1143765).\n\n - Update patches.suse/ceph-remove-request-from-waiting-list-befor e-unregister.patch (bsc#1148133 bsc#1138539).\n\n - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333).\n\n - Update version of cifs module (bsc#1144333).\n\n - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635).\n\n - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635).\n\n - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510).\n\n - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510).\n\n - usb: core: Fix races in character device registration and deregistraion (bsc#1051510).\n\n - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510).\n\n - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635).\n\n - usb: host: fotg2: restart hcd after port reset (bsc#1051510).\n\n - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510).\n\n - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510).\n\n - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510).\n\n - usb: iowarrior: fix deadlock on disconnect (bsc#1051510).\n\n - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510).\n\n - usb: serial: option: Add Motorola modem UARTs (bsc#1051510).\n\n - usb: serial: option: Add support for ZTE MF871A (bsc#1051510).\n\n - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510).\n\n - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510).\n\n - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510).\n\n - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510).\n\n - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510).\n\n - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510).\n\n - vfs: fix page locking deadlocks when deduping files (bsc#1148619).\n\n - VMCI: Release resource if the work is already queued (bsc#1051510).\n\n - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25).\n\n - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510).\n\n - watchdog: core: fix NULL pointer dereference when releasing cdev (bsc#1051510).\n\n - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510).\n\n - watchdog: fix compile time error of pretimeout governors (bsc#1051510).\n\n - wimax/i2400m: fix a memory leak bug (bsc#1051510).\n\n - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279).\n\n - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382).\n\n - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279).\n\n - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689).\n\n - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689).\n\n - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279).\n\n - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279).\n\n - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279).\n\n - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279).\n\n - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600).\n\n - xfrm: Fix bucket count reported to userspace (bsc#1143300).\n\n - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300).\n\n - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300).\n\n - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300).\n\n - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035).\n\n - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053).\n\n - xfs: dump transaction usage details on log reservation overrun (bsc#1145235).\n\n - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235).\n\n - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032).\n\n - xfs: fix semicolon.cocci warnings (bsc#1145235).\n\n - xfs: fix up agi unlinked list reservations (bsc#1145235).\n\n - xfs: include an allocfree res for inobt modifications (bsc#1145235).\n\n - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235).\n\n - xfs: print transaction log reservation on overrun (bsc#1145235).\n\n - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235).\n\n - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235).\n\n - xfs: remove more ondisk directory corruption asserts (bsc#1148034).\n\n - xfs: separate shutdown from ticket reservation print helper (bsc#1145235).\n\n - xfs: truncate transaction does not modify the inobt (bsc#1145235).", "cvss3": {}, "published": "2019-09-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20976", "CVE-2018-21008", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031", "CVE-2019-15090", "CVE-2019-15098", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15222", "CVE-2019-15239", "CVE-2019-15290", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15902", "CVE-2019-15917", "CVE-2019-15919", "CVE-2019-15920", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-9456"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2173.NASL", "href": "https://www.tenable.com/plugins/nessus/129339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2173.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129339);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-18551\", \"CVE-2018-20976\", \"CVE-2018-21008\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14835\", \"CVE-2019-15030\", \"CVE-2019-15031\", \"CVE-2019-15090\", \"CVE-2019-15098\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15217\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15222\", \"CVE-2019-15239\", \"CVE-2019-15290\", \"CVE-2019-15292\", \"CVE-2019-15538\", \"CVE-2019-15666\", \"CVE-2019-15902\", \"CVE-2019-15917\", \"CVE-2019-15919\", \"CVE-2019-15920\", \"CVE-2019-15921\", \"CVE-2019-15924\", \"CVE-2019-15926\", \"CVE-2019-15927\", \"CVE-2019-9456\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)\");\n script_summary(english:\"Check for the openSUSE-2019-2173 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-18551: There was an out of bounds write in the\n function i2c_smbus_xfer_emulated (bnc#1146163).\n\n - CVE-2018-20976: A use after free exists, related to\n xfs_fs_fill_super failure (bnc#1146285).\n\n - CVE-2018-21008: A use-after-free can be caused by the\n function rsi_mac80211_detach in the file\n drivers/net/wireless/rsi/rsi_91x_mac80211.c\n (bnc#1149591).\n\n - CVE-2019-14814: A heap overflow in\n mwifiex_set_uap_rates() function of Marvell was fixed.\n (bnc#1146512).\n\n - CVE-2019-14815: A heap overflow in\n mwifiex_set_wmm_params() function of Marvell Wifi Driver\n was fixed. (bnc#1146514).\n\n - CVE-2019-14816: A heap overflow in\n mwifiex_update_vs_ie() function of Marvell Wifi Driver\n was fixed. (bnc#1146516).\n\n - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow\n could lead to guest to host kernel escape during live\n migration (bnc#1150112).\n\n - CVE-2019-15030: In the Linux kernel on the powerpc\n platform, a local user can read vector registers of\n other users' processes via a Facility Unavailable\n exception. To exploit the venerability, a local user\n starts a transaction (via the hardware transactional\n memory instruction tbegin) and then accesses vector\n registers. At some point, the vector registers will be\n corrupted with the values from a different local Linux\n process because of a missing\n arch/powerpc/kernel/process.c check (bnc#1149713).\n\n - CVE-2019-15031: In the Linux kernel on the powerpc\n platform, a local user can read vector registers of\n other users' processes via an interrupt. To exploit the\n venerability, a local user starts a transaction (via the\n hardware transactional memory instruction tbegin) and\n then accesses vector registers. At some point, the\n vector registers will be corrupted with the values from\n a different local Linux process, because MSR_TM_ACTIVE\n is misused in arch/powerpc/kernel/process.c\n (bnc#1149713).\n\n - CVE-2019-15090: In the qedi_dbg_* family of functions,\n there was an out-of-bounds read (bnc#1146399).\n\n - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c\n had a NULL pointer dereference via an incomplete address\n in an endpoint descriptor (bnc#1146378).\n\n - CVE-2019-15117: parse_audio_mixer_unit in\n sound/usb/mixer.c in the Linux kernel mishandled a short\n descriptor, leading to out-of-bounds memory access\n (bnc#1145920).\n\n - CVE-2019-15118: check_input_term in sound/usb/mixer.c in\n the Linux kernel mishandled recursion, leading to kernel\n stack exhaustion (bnc#1145922).\n\n - CVE-2019-15211: There was a use-after-free caused by a\n malicious USB device in the\n drivers/media/v4l2-core/v4l2-dev.c driver because\n drivers/media/radio/radio-raremono.c did not properly\n allocate memory (bnc#1146519).\n\n - CVE-2019-15212: There was a double-free caused by a\n malicious USB device in the drivers/usb/misc/rio500.c\n driver (bnc#1146391).\n\n - CVE-2019-15214: There was a use-after-free in the sound\n subsystem because card disconnection causes certain data\n structures to be deleted too early. This is related to\n sound/core/init.c and sound/core/info.c (bnc#1146550).\n\n - CVE-2019-15215: There was a use-after-free caused by a\n malicious USB device in the\n drivers/media/usb/cpia2/cpia2_usb.c driver\n (bnc#1146425).\n\n - CVE-2019-15216: There was a NULL pointer dereference\n caused by a malicious USB device in the\n drivers/usb/misc/yurex.c driver (bnc#1146361).\n\n - CVE-2019-15217: There was a NULL pointer dereference\n caused by a malicious USB device in the\n drivers/media/usb/zr364xx/zr364xx.c driver\n (bnc#1146547).\n\n - CVE-2019-15218: There was a NULL pointer dereference\n caused by a malicious USB device in the\n drivers/media/usb/siano/smsusb.c driver (bnc#1146413).\n\n - CVE-2019-15219: There was a NULL pointer dereference\n caused by a malicious USB device in the\n drivers/usb/misc/sisusbvga/sisusb.c driver\n (bnc#1146524).\n\n - CVE-2019-15220: There was a use-after-free caused by a\n malicious USB device in the\n drivers/net/wireless/intersil/p54/p54usb.c driver\n (bnc#1146526).\n\n - CVE-2019-15221: There was a NULL pointer dereference\n caused by a malicious USB device in the\n sound/usb/line6/pcm.c driver (bnc#1146529).\n\n - CVE-2019-15222: There was a NULL pointer dereference\n caused by a malicious USB device in the\n sound/usb/helper.c (motu_microbookii) driver\n (bnc#1146531).\n\n - CVE-2019-15239: In the Linux kernel, a certain\n net/ipv4/tcp_output.c change, which was properly\n incorporated into 4.16.12, was incorrectly backported to\n the earlier longterm kernels, introducing a new\n vulnerability that was potentially more severe than the\n issue that was intended to be fixed by backporting.\n Specifically, by adding to a write queue between\n disconnection and re-connection, a local attacker can\n trigger multiple use-after-free conditions. This can\n result in a kernel crash, or potentially in privilege\n escalation. (bnc#1146589)\n\n - CVE-2019-15290: There was a NULL pointer dereference\n caused by a malicious USB device in the\n ath6kl_usb_alloc_urb_from_pipe function in the\n drivers/net/wireless/ath/ath6kl/usb.c driver\n (bnc#1146378 bnc#1146543).\n\n - CVE-2019-15292: There was a use-after-free in\n atalk_proc_exit, related to net/appletalk/atalk_proc.c,\n net/appletalk/ddp.c, and\n net/appletalk/sysctl_net_atalk.c (bnc#1146678).\n\n - CVE-2019-15538: XFS partially wedges when a chgrp fails\n on account of being out of disk quota.\n xfs_setattr_nonsize is failing to unlock the ILOCK after\n the xfs_qm_vop_chown_reserve call fails. This is\n primarily a local DoS attack vector, but it might result\n as well in remote DoS if the XFS filesystem is exported\n for instance via NFS (bnc#1148093).\n\n - CVE-2019-15666: There was an out-of-bounds array access\n in __xfrm_policy_unlink, which will cause denial of\n service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandled directory validation\n (bnc#1148394).\n\n - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix\n possible spectre-v1 in ptrace_get_debugreg()' commit\n reintroduced the Spectre vulnerability that it aimed to\n eliminate. This occurred because the backport process\n depends on cherry picking specific commits, and because\n two (correctly ordered) code lines were swapped\n (bnc#1149376).\n\n - CVE-2019-15917: There was a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in\n drivers/bluetooth/hci_ldisc.c (bnc#1149539).\n\n - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a\n use-after-free (bnc#1149552).\n\n - CVE-2019-15920: An issue was discovered in the Linux\n kernel SMB2_read in fs/cifs/smb2pdu.c had a\n use-after-free. NOTE: this was not fixed correctly in\n 5.0.10; see the 5.0.11 ChangeLog, which documents a\n memory leak (bnc#1149626).\n\n - CVE-2019-15921: There was a memory leak issue when\n idr_alloc() fails in genl_register_family() in\n net/netlink/genetlink.c (bnc#1149602).\n\n - CVE-2019-15924: The fm10k_init_module in\n drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL\n pointer dereference because there is no -ENOMEM upon an\n alloc_workqueue failure (bnc#1149612).\n\n - CVE-2019-15926: Out of bounds access exists in the\n functions ath6kl_wmi_pstream_timeout_event_rx and\n ath6kl_wmi_cac_event_rx in the file\n drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).\n\n - CVE-2019-15927: An out-of-bounds access exists in the\n function build_audio_procunit in the file\n sound/usb/mixer.c (bnc#1149522).\n\n - CVE-2019-9456: In USB monitor driver there is a possible\n OOB write due to a missing bounds check. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation (bnc#1150025).\n\nThe following non-security bugs were fixed :\n\n - ACPICA: Increase total number of possible Owner IDs\n (bsc#1148859).\n\n - ACPI: fix false-positive -Wuninitialized warning\n (bsc#1051510).\n\n - Add missing structs and defines from recent SMB3.1.1\n documentation (bsc#1144333).\n\n - Add new flag on SMB3.1.1 read (bsc#1144333).\n\n - address lock imbalance warnings in smbdirect.c\n (bsc#1144333).\n\n - Add some missing debug fields in server and tcon structs\n (bsc#1144333).\n\n - add some missing definitions (bsc#1144333).\n\n - Add some qedf commits to blacklist file (bsc#1149976)\n\n - Add vers=3.0.2 as a valid option for SMBv3.0.2\n (bsc#1144333).\n\n - ALSA: firewire: fix a memory leak bug (bsc#1051510).\n\n - ALSA: hda - Add a generic reboot_notify (bsc#1051510).\n\n - ALSA: hda - Apply workaround for another AMD chip\n 1022:1487 (bsc#1051510).\n\n - ALSA: hda - Do not override global PCM hw info flag\n (bsc#1051510).\n\n - ALSA: hda - Fix a memory leak bug (bsc#1051510).\n\n - ALSA: hda - Fix potential endless loop at applying\n quirks (bsc#1051510).\n\n - ALSA: hda: kabi workaround for generic parser flag\n (bsc#1051510).\n\n - ALSA: hda - Let all conexant codec enter D3 when\n rebooting (bsc#1051510).\n\n - ALSA: hda/realtek - Fix overridden device-specific\n initialization (bsc#1051510).\n\n - ALSA: hda/realtek - Fix the problem of two front mics on\n a ThinkCentre (bsc#1051510).\n\n - ALSA: hda - Workaround for crackled sound on AMD\n controller (1022:1457) (bsc#1051510).\n\n - ALSA: hiface: fix multiple memory leak bugs\n (bsc#1051510).\n\n - ALSA: line6: Fix memory leak at line6_init_pcm() error\n path (bsc#1051510).\n\n - ALSA: seq: Fix potential concurrent access to the\n deleted pool (bsc#1051510).\n\n - ASoC: dapm: Fix handling of custom_stop_condition on\n DAPM graph walks (bsc#1051510).\n\n - ASoC: Fail card instantiation if DAI format setup fails\n (bsc#1051510).\n\n - batman-adv: fix uninit-value in\n batadv_netlink_get_ifindex() (bsc#1051510).\n\n - batman-adv: Only read OGM2 tvlv_len after buffer len\n check (bsc#1051510).\n\n - batman-adv: Only read OGM tvlv_len after buffer len\n check (bsc#1051510).\n\n - bcache: fix possible memory leak in bch_cached_dev_run()\n (git fixes).\n\n - bio: fix improper use of smp_mb__before_atomic() (git\n fixes).\n\n - blk-mq: backport fixes for\n blk_mq_complete_e_request_sync() (bsc#1145661).\n\n - blk-mq: Fix spelling in a source code comment (git\n fixes).\n\n - blk-mq: introduce blk_mq_complete_request_sync()\n (bsc#1145661).\n\n - blk-wbt: Avoid lock contention and thundering herd issue\n in wbt_wait (bsc#1141543).\n\n - blk-wbt: Avoid lock contention and thundering herd issue\n in wbt_wait (bsc#1141543).\n\n - block, documentation: Fix wbt_lat_usec documentation\n (git fixes).\n\n - Bluetooth: btqca: Add a short delay before downloading\n the NVM (bsc#1051510).\n\n - bnx2x: Prevent ptp_task to be rescheduled indefinitely\n (networking-stable-19_07_25).\n\n - bonding: validate ip header before check IPPROTO_IGMP\n (networking-stable-19_07_25).\n\n - Btrfs: add a helper to retrive extent inline ref type\n (bsc#1149325).\n\n - btrfs: add cleanup_ref_head_accounting helper\n (bsc#1050911).\n\n - Btrfs: add missing inode version, ctime and mtime\n updates when punching hole (bsc#1140487).\n\n - Btrfs: add one more sanity check for shared ref type\n (bsc#1149325).\n\n - btrfs: clean up pending block groups when transaction\n commit aborts (bsc#1050911).\n\n - Btrfs: convert to use btrfs_get_extent_inline_ref_type\n (bsc#1149325).\n\n - Btrfs: do not abort transaction at btrfs_update_root()\n after failure to COW path (bsc#1150933).\n\n - Btrfs: fix assertion failure during fsync and use of\n stale transaction (bsc#1150562).\n\n - Btrfs: fix data loss after inode eviction, renaming it,\n and fsync it (bsc#1145941).\n\n - btrfs: Fix delalloc inodes invalidation during\n transaction abort (bsc#1050911).\n\n - Btrfs: fix fsync not persisting dentry deletions due to\n inode evictions (bsc#1145942).\n\n - Btrfs: fix incremental send failure after deduplication\n (bsc#1145940).\n\n - btrfs: fix pinned underflow after transaction aborted\n (bsc#1050911).\n\n - Btrfs: fix race between send and deduplication that lead\n to failures and crashes (bsc#1145059).\n\n - Btrfs: fix race leading to fs corruption after\n transaction abort (bsc#1145937).\n\n - btrfs: handle delayed ref head accounting cleanup in\n abort (bsc#1050911).\n\n - Btrfs: prevent send failures and crashes due to\n concurrent relocation (bsc#1145059).\n\n - Btrfs: remove BUG() in add_data_reference (bsc#1149325).\n\n - Btrfs: remove BUG() in btrfs_extent_inline_ref_size\n (bsc#1149325).\n\n - Btrfs: remove BUG() in print_extent_item (bsc#1149325).\n\n - Btrfs: remove BUG_ON in __add_tree_block (bsc#1149325).\n\n - btrfs: Split btrfs_del_delalloc_inode into 2 functions\n (bsc#1050911).\n\n - btrfs: start readahead also in seed devices\n (bsc#1144886).\n\n - btrfs: track running balance in a simpler way\n (bsc#1145059).\n\n - caif-hsi: fix possible deadlock in cfhsi_exit_module()\n (networking-stable-19_07_25).\n\n - can: m_can: implement errata 'Needless activation of\n MRAF irq' (bsc#1051510).\n\n - can: mcp251x: add support for mcp25625 (bsc#1051510).\n\n - can: peak_usb: fix potential double kfree_skb()\n (bsc#1051510).\n\n - can: peak_usb: force the string buffer NULL-terminated\n (bsc#1051510).\n\n - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB\n devices (bsc#1051510).\n\n - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB\n devices (bsc#1051510).\n\n - can: rcar_canfd: fix possible IRQ storm on high load\n (bsc#1051510).\n\n - can: sja1000: force the string buffer NULL-terminated\n (bsc#1051510).\n\n - carl9170: fix misuse of device driver API (bsc#1142635).\n\n - ceph: always get rstat from auth mds (bsc#1146346).\n\n - ceph: clean up ceph.dir.pin vxattr name sizeof()\n (bsc#1146346).\n\n - ceph: decode feature bits in session message\n (bsc#1146346).\n\n - ceph: do not blindly unregister session that is in\n opening state (bsc#1148133).\n\n - ceph: do not try fill file_lock on unsuccessful\n GETFILELOCK reply (bsc#1148133).\n\n - ceph: fix buffer free while holding i_ceph_lock in\n __ceph_build_xattrs_blob() (bsc#1148133).\n\n - ceph: fix buffer free while holding i_ceph_lock in\n __ceph_setxattr() (bsc#1148133).\n\n - ceph: fix buffer free while holding i_ceph_lock in\n fill_inode() (bsc#1148133).\n\n - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133\n bsc#1135219).\n\n - ceph: fix improper use of smp_mb__before_atomic()\n (bsc#1148133).\n\n - ceph: hold i_ceph_lock when removing caps for freeing\n inode (bsc#1148133).\n\n - ceph: remove request from waiting list before unregister\n (bsc#1148133).\n\n - ceph: silence a checker warning in mdsc_show()\n (bsc#1148133).\n\n - ceph: support cephfs' own feature bits (bsc#1146346).\n\n - ceph: support getting ceph.dir.pin vxattr (bsc#1146346).\n\n - ceph: support versioned reply (bsc#1146346).\n\n - ceph: use bit flags to define vxattr attributes\n (bsc#1146346).\n\n - cifs: Accept validate negotiate if server return\n NT_STATUS_NOT_SUPPORTED (bsc#1144333).\n\n - cifs: add a new SMB2_close_flags function (bsc#1144333).\n\n - cifs: add a smb2_compound_op and change QUERY_INFO to\n use it (bsc#1144333).\n\n - cifs: add a timeout argument to wait_for_free_credits\n (bsc#1144333).\n\n - cifs: add a warning if we try to to dequeue a deleted\n mid (bsc#1144333).\n\n - cifs: add compound_send_recv() (bsc#1144333).\n\n - cifs: add credits from unmatched responses/messages\n (bsc#1144333).\n\n - cifs: add debug output to show nocase mount option\n (bsc#1144333).\n\n - cifs: Add DFS cache routines (bsc#1144333).\n\n - cifs: Add direct I/O functions to file_operations\n (bsc#1144333).\n\n - cifs: add fiemap support (bsc#1144333).\n\n - cifs: add iface info to struct cifs_ses (bsc#1144333).\n\n - cifs: add IOCTL for QUERY_INFO passthrough to userspace\n (bsc#1144333).\n\n - cifs: add lease tracking to the cached root fid\n (bsc#1144333).\n\n - cifs: Add minor debug message during negprot\n (bsc#1144333).\n\n - cifs: add missing debug entries for kconfig options\n (bsc#1051510, bsc#1144333).\n\n - cifs: add missing GCM module dependency (bsc#1144333).\n\n - cifs: add missing support for ACLs in SMB 3.11\n (bsc#1051510, bsc#1144333).\n\n - cifs: add ONCE flag for cifs_dbg type (bsc#1144333).\n\n - cifs: add pdu_size to the TCP_Server_Info structure\n (bsc#1144333).\n\n - cifs: add resp_buf_size to the mid_q_entry structure\n (bsc#1144333).\n\n - cifs: address trivial coverity warning (bsc#1144333).\n\n - cifs: add server argument to the dump_detail method\n (bsc#1144333).\n\n - cifs: add server->vals->header_preamble_size\n (bsc#1144333).\n\n - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333).\n\n - cifs: add sha512 secmech (bsc#1051510, bsc#1144333).\n\n - cifs: Adds information-level logging function\n (bsc#1144333).\n\n - cifs: add SMB2_close_init()/SMB2_close_free()\n (bsc#1144333).\n\n - cifs: add SMB2_ioctl_init/free helpers to be used with\n compounding (bsc#1144333).\n\n - cifs: add SMB2_query_info_[init|free]() (bsc#1144333).\n\n - cifs: Add smb2_send_recv (bsc#1144333).\n\n - cifs: add spinlock for the openFileList to cifsInodeInfo\n (bsc#1144333).\n\n - cifs: add .splice_write (bsc#1144333).\n\n - cifs: Add support for direct I/O read (bsc#1144333).\n\n - cifs: Add support for direct I/O write (bsc#1144333).\n\n - cifs: Add support for direct pages in rdata\n (bsc#1144333).\n\n - cifs: Add support for direct pages in wdata\n (bsc#1144333).\n\n - cifs: Add support for failover in cifs_mount()\n (bsc#1144333).\n\n - cifs: Add support for failover in cifs_reconnect()\n (bsc#1144333).\n\n - cifs: Add support for failover in cifs_reconnect_tcon()\n (bsc#1144333).\n\n - cifs: Add support for failover in smb2_reconnect()\n (bsc#1144333).\n\n - cifs: Add support for FSCTL passthrough that write data\n to the server (bsc#1144333).\n\n - cifs: add support for ioctl on directories\n (bsc#1144333).\n\n - cifs: Add support for reading attributes on SMB2+\n (bsc#1051510, bsc#1144333).\n\n - cifs: add support for SEEK_DATA and SEEK_HOLE\n (bsc#1144333).\n\n - cifs: Add support for writing attributes on SMB2+\n (bsc#1051510, bsc#1144333).\n\n - cifs: Adjust MTU credits before reopening a file\n (bsc#1144333).\n\n - cifs: Allocate memory for all iovs in smb2_ioctl\n (bsc#1144333).\n\n - cifs: Allocate validate negotiation request through\n kmalloc (bsc#1144333).\n\n - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333).\n\n - cifs: allow disabling less secure legacy dialects\n (bsc#1144333).\n\n - cifs: allow guest mounts to work for smb3.11\n (bsc#1051510, bsc#1144333).\n\n - cifs: always add credits back for unsolicited PDUs\n (bsc#1144333).\n\n - cifs: Always reset read error to -EIO if no response\n (bsc#1144333).\n\n - cifs: Always resolve hostname before reconnecting\n (bsc#1051510, bsc#1144333).\n\n - cifs: a smb2_validate_and_copy_iov failure does not mean\n the handle is invalid (bsc#1144333).\n\n - cifs: auto disable 'serverino' in dfs mounts\n (bsc#1144333).\n\n - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for\n the common case (bsc#1144333).\n\n - cifs: Avoid returning EBUSY to upper layer VFS\n (bsc#1144333).\n\n - cifs: cache FILE_ALL_INFO for the shared root handle\n (bsc#1144333).\n\n - cifs: Calculate the correct request length based on page\n offset and tail size (bsc#1144333).\n\n - cifs: Call MID callback before destroying transport\n (bsc#1144333).\n\n - cifs: change mkdir to use a compound (bsc#1144333).\n\n - cifs: change smb2_get_data_area_len to take a\n smb2_sync_hdr as argument (bsc#1144333).\n\n - cifs: Change SMB2_open to return an iov for the error\n parameter (bsc#1144333).\n\n - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use\n compounding (bsc#1144333).\n\n - cifs: change SMB2_OP_SET_EOF to use compounding\n (bsc#1144333).\n\n - cifs: change SMB2_OP_SET_INFO to use compounding\n (bsc#1144333).\n\n - cifs: change smb2_query_eas to use the compound\n query-info helper (bsc#1144333).\n\n - cifs: change unlink to use a compound (bsc#1144333).\n\n - cifs: change validate_buf to validate_iov (bsc#1144333).\n\n - cifs: change wait_for_free_request() to take flags as\n argument (bsc#1144333).\n\n - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse\n existing sb (bsc#1144333).\n\n - cifs: Check for reconnects before sending async requests\n (bsc#1144333).\n\n - cifs: Check for reconnects before sending compound\n requests (bsc#1144333).\n\n - cifs: check for STATUS_USER_SESSION_DELETED\n (bsc#1112902, bsc#1144333).\n\n - cifs: Check for timeout on Negotiate stage (bsc#1091171,\n bsc#1144333).\n\n - cifs: check if SMB2 PDU size has been padded and\n suppress the warning (bsc#1144333).\n\n - cifs: check kmalloc before use (bsc#1051510,\n bsc#1144333).\n\n - cifs: check kzalloc return (bsc#1144333).\n\n - cifs: check MaxPathNameComponentLength != 0 before using\n it (bsc#1085536, bsc#1144333).\n\n - cifs: check ntwrk_buf_start for NULL before\n dereferencing it (bsc#1144333).\n\n - cifs: check rsp for NULL before dereferencing in\n SMB2_open (bsc#1085536, bsc#1144333).\n\n - cifs: cifs_read_allocate_pages: do not iterate through\n whole page array on ENOMEM (bsc#1144333).\n\n - cifs: clean up indentation, replace spaces with tab\n (bsc#1144333).\n\n - cifs: cleanup smb2ops.c and normalize strings\n (bsc#1144333).\n\n - cifs: complete PDU definitions for interface queries\n (bsc#1144333).\n\n - cifs: connect to servername instead of IP for IPC$ share\n (bsc#1051510, bsc#1144333).\n\n - cifs: Count SMB3 credits for malformed pending responses\n (bsc#1144333).\n\n - cifs: create a define for how many iovs we need for an\n SMB2_open() (bsc#1144333).\n\n - cifs: create a define for the max number of iov we need\n for a SMB2 set_info (bsc#1144333).\n\n - cifs: create a helper function for compound query_info\n (bsc#1144333).\n\n - cifs: create helpers for SMB2_set_info_init/free()\n (bsc#1144333).\n\n - cifs: create SMB2_open_init()/SMB2_open_free() helpers\n (bsc#1144333).\n\n - cifs: Display SMB2 error codes in the hex format\n (bsc#1144333).\n\n - cifs: document tcon/ses/server refcount dance\n (bsc#1144333).\n\n - cifs: do not allow creating sockets except with SMB1\n posix exensions (bsc#1102097, bsc#1144333).\n\n - cifs: Do not assume one credit for async responses\n (bsc#1144333).\n\n - cifs: do not attempt cifs operation on smb2+ rename\n error (bsc#1144333).\n\n - cifs: Do not consider -ENODATA as stat failure for reads\n (bsc#1144333).\n\n - cifs: Do not count -ENODATA as failure for query\n directory (bsc#1051510, bsc#1144333).\n\n - cifs: do not dereference smb_file_target before null\n check (bsc#1051510, bsc#1144333).\n\n - cifs: Do not hide EINTR after sending network packets\n (bsc#1051510, bsc#1144333).\n\n - cifs: Do not log credits when unmounting a share\n (bsc#1144333).\n\n - cifs: do not log STATUS_NOT_FOUND errors for DFS\n (bsc#1051510, bsc#1144333).\n\n - cifs: Do not match port on SMBDirect transport\n (bsc#1144333).\n\n - cifs: Do not modify mid entry after submitting I/O in\n cifs_call_async (bsc#1051510, bsc#1144333).\n\n - cifs: Do not reconnect TCP session in add_credits()\n (bsc#1051510, bsc#1144333).\n\n - cifs: Do not reset lease state to NONE on lease break\n (bsc#1051510, bsc#1144333).\n\n - cifs: do not return atime less than mtime (bsc#1144333).\n\n - cifs: do not send invalid input buffer on QUERY_INFO\n requests (bsc#1144333).\n\n - cifs: Do not set credits to 1 if the server didn't grant\n anything (bsc#1144333).\n\n - cifs: do not show domain= in mount output when domain is\n empty (bsc#1144333).\n\n - cifs: Do not skip SMB2 message IDs on send failures\n (bsc#1144333).\n\n - cifs: do not use __constant_cpu_to_le32() (bsc#1144333).\n\n - cifs: dump every session iface info (bsc#1144333).\n\n - cifs: dump IPC tcon in debug proc file (bsc#1071306,\n bsc#1144333).\n\n - cifs: fallback to older infolevels on findfirst\n queryinfo retry (bsc#1144333).\n\n - cifs: Find and reopen a file before get MTU credits in\n writepages (bsc#1144333).\n\n - cifs: fix a buffer leak in smb2_query_symlink\n (bsc#1144333).\n\n - cifs: fix a credits leak for compund commands\n (bsc#1144333).\n\n - cifs: Fix a debug message (bsc#1144333).\n\n - cifs: Fix adjustment of credits for MTU requests\n (bsc#1051510, bsc#1144333).\n\n - cifs: Fix an issue with re-sending rdata when transport\n returning -EAGAIN (bsc#1144333).\n\n - cifs: Fix an issue with re-sending wdata when transport\n returning -EAGAIN (bsc#1144333).\n\n - cifs: Fix a race condition with cifs_echo_request\n (bsc#1144333).\n\n - cifs: Fix a tiny potential memory leak (bsc#1144333).\n\n - cifs: Fix autonegotiate security settings mismatch\n (bsc#1087092, bsc#1144333).\n\n - cifs: fix bi-directional fsctl passthrough calls\n (bsc#1144333).\n\n - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled\n (bsc#1144333).\n\n - cifs: fix build errors for SMB_DIRECT (bsc#1144333).\n\n - cifs: Fix check for matching with existing mount\n (bsc#1144333).\n\n - cifs: fix circular locking dependency (bsc#1064701,\n bsc#1144333).\n\n - cifs: fix computation for MAX_SMB2_HDR_SIZE\n (bsc#1144333).\n\n - cifs: fix confusing warning message on reconnect\n (bsc#1144333).\n\n - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333).\n\n - cifs: fix crash in\n smb2_compound_op()/smb2_set_next_command()\n (bsc#1144333).\n\n - cifs: fix crash querying symlinks stored as\n reparse-points (bsc#1144333).\n\n - cifs: Fix credit calculation for encrypted reads with\n errors (bsc#1051510, bsc#1144333).\n\n - cifs: Fix credit calculations in compound mid callback\n (bsc#1144333).\n\n - cifs: Fix credit computation for compounded requests\n (bsc#1144333).\n\n - cifs: Fix credits calculation for cancelled requests\n (bsc#1144333).\n\n - cifs: Fix credits calculations for reads with errors\n (bsc#1051510, bsc#1144333).\n\n - cifs: fix credits leak for SMB1 oplock breaks\n (bsc#1144333).\n\n - cifs: fix deadlock in cached root handling\n (bsc#1144333).\n\n - cifs: Fix DFS cache refresher for DFS links\n (bsc#1144333).\n\n - cifs: fix encryption in SMB3.1.1 (bsc#1144333).\n\n - cifs: Fix encryption/signing (bsc#1144333).\n\n - cifs: Fix error mapping for SMB2_LOCK command which\n caused OFD lock problem (bsc#1051510, bsc#1144333).\n\n - cifs: Fix error paths in writeback code (bsc#1144333).\n\n - cifs: fix GlobalMid_Lock bug in cifs_reconnect\n (bsc#1144333).\n\n - cifs: fix handle leak in smb2_query_symlink()\n (bsc#1144333).\n\n - cifs: fix incorrect handling of smb2_set_sparse() return\n in smb3_simple_falloc (bsc#1144333).\n\n - cifs: Fix infinite loop when using hard mount option\n (bsc#1091171, bsc#1144333).\n\n - cifs: Fix invalid check in __cifs_calc_signature()\n (bsc#1144333).\n\n - cifs: Fix kernel oops when traceSMB is enabled\n (bsc#1144333).\n\n - cifs: fix kref underflow in close_shroot()\n (bsc#1144333).\n\n - cifs: Fix leaking locked VFS cache pages in writeback\n retry (bsc#1144333).\n\n - cifs: Fix lease buffer length error (bsc#1144333).\n\n - cifs: fix memory leak and remove dead code\n (bsc#1144333).\n\n - cifs: fix memory leak in SMB2_open() (bsc#1112894,\n bsc#1144333).\n\n - cifs: fix memory leak in SMB2_read (bsc#1144333).\n\n - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510,\n bsc#1144333).\n\n - cifs: fix memory leak of an allocated cifs_ntsd\n structure (bsc#1144333).\n\n - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl\n case (bsc#1144333).\n\n - cifs: Fix missing put_xid in cifs_file_strict_mmap\n (bsc#1087092, bsc#1144333).\n\n - cifs: Fix module dependency (bsc#1144333).\n\n - cifs: Fix mounts if the client is low on credits\n (bsc#1144333).\n\n - cifs: fix NULL deref in SMB2_read (bsc#1085539,\n bsc#1144333).\n\n - cifs: Fix NULL pointer dereference of devname\n (bnc#1129519).\n\n - cifs: Fix NULL pointer deref on SMB2_tcon() failure\n (bsc#1071009, bsc#1144333).\n\n - cifs: Fix NULL ptr deref (bsc#1144333).\n\n - cifs: fix page reference leak with readv/writev\n (bsc#1144333).\n\n - cifs: fix panic in smb2_reconnect (bsc#1144333).\n\n - cifs: fix parsing of symbolic link error response\n (bsc#1144333).\n\n - cifs: fix POSIX lock leak and invalid ptr deref\n (bsc#1114542, bsc#1144333).\n\n - cifs: Fix possible hang during async MTU reads and\n writes (bsc#1051510, bsc#1144333).\n\n - cifs: Fix possible oops and memory leaks in async IO\n (bsc#1144333).\n\n - cifs: Fix potential OOB access of lock element array\n (bsc#1051510, bsc#1144333).\n\n - cifs: Fix read after write for files with read caching\n (bsc#1051510, bsc#1144333).\n\n - cifs: fix return value for cifs_listxattr (bsc#1051510,\n bsc#1144333).\n\n - cifs: fix rmmod regression in cifs.ko caused by\n force_sig changes (bsc#1144333).\n\n - cifs: Fix separator when building path from dentry\n (bsc#1051510, bsc#1144333).\n\n - cifs: fix sha512 check in cifs_crypto_secmech_release\n (bsc#1051510, bsc#1144333).\n\n - cifs: fix signed/unsigned mismatch on aio_read patch\n (bsc#1144333).\n\n - cifs: Fix signing for SMB2/3 (bsc#1144333).\n\n - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2\n ACE setting (bsc#1144333).\n\n - cifs: Fix slab-out-of-bounds when tracing SMB tcon\n (bsc#1144333).\n\n - cifs: fix SMB1 breakage (bsc#1144333).\n\n - cifs: fix smb3_zero_range for Azure (bsc#1144333).\n\n - cifs: fix smb3_zero_range so it can expand the file-size\n when required (bsc#1144333).\n\n - cifs: fix sparse warning on previous patch in a few\n printks (bsc#1144333).\n\n - cifs: fix spelling mistake, EACCESS -> EACCES\n (bsc#1144333).\n\n - cifs: Fix stack out-of-bounds in\n smb(2,3)_create_lease_buf() (bsc#1051510, bsc#1144333).\n\n - cifs: fix strcat buffer overflow and reduce raciness in\n smb21_set_oplock_level() (bsc#1144333).\n\n - cifs: Fix to use kmem_cache_free() instead of kfree()\n (bsc#1144333).\n\n - cifs: Fix trace command logging for SMB2 reads and\n writes (bsc#1144333).\n\n - cifs: fix typo in cifs_dbg (bsc#1144333).\n\n - cifs: fix typo in debug message with struct field\n ia_valid (bsc#1144333).\n\n - cifs: fix uninitialized ptr deref in smb2 signing\n (bsc#1144333).\n\n - cifs: Fix use-after-free in SMB2_read (bsc#1144333).\n\n - cifs: Fix use-after-free in SMB2_write (bsc#1144333).\n\n - cifs: Fix use after free of a mid_q_entry (bsc#1112903,\n bsc#1144333).\n\n - cifs: fix use-after-free of the lease keys\n (bsc#1144333).\n\n - cifs: Fix validation of signed data in smb2\n (bsc#1144333).\n\n - cifs: Fix validation of signed data in smb3+\n (bsc#1144333).\n\n - cifs: fix wrapping bugs in num_entries() (bsc#1051510,\n bsc#1144333).\n\n - cifs: flush before set-info if we have writeable handles\n (bsc#1144333).\n\n - cifs: For SMB2 security informaion query, check for\n minimum sized security descriptor instead of sizeof\n FileAllInformation class (bsc#1051510, bsc#1144333).\n\n - cifs: handle large EA requests more gracefully in smb2+\n (bsc#1144333).\n\n - cifs: handle netapp error codes (bsc#1136261).\n\n - cifs: hide unused functions (bsc#1051510, bsc#1144333).\n\n - cifs: hide unused functions (bsc#1051510, bsc#1144333).\n\n - cifs: implement v3.11 preauth integrity (bsc#1051510,\n bsc#1144333).\n\n - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on\n legacy (insecure cifs) (bsc#1144333).\n\n - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510,\n bsc#1144333).\n\n - cifs: Introduce helper function to get page offset and\n length in smb_rqst (bsc#1144333).\n\n - cifs: Introduce offset for the 1st page in data transfer\n structures (bsc#1144333).\n\n - cifs: invalidate cache when we truncate a file\n (bsc#1051510, bsc#1144333).\n\n - cifs: keep FileInfo handle live during oplock break\n (bsc#1106284, bsc#1131565, bsc#1144333).\n\n - cifs: limit amount of data we request for xattrs to\n CIFSMaxBufSize (bsc#1144333).\n\n - cifs: Limit memory used by lock request calls to a page\n (bsc#1144333).\n\n - cifs_lookup(): cifs_get_inode_...() never returns 0 with\n *inode left NULL (bsc#1144333).\n\n - cifs_lookup(): switch to d_splice_alias() (bsc#1144333).\n\n - cifs: make arrays static const, reduces object code size\n (bsc#1144333).\n\n - cifs: Make devname param optional in\n cifs_compose_mount_options() (bsc#1144333).\n\n - cifs: make IPC a regular tcon (bsc#1071306,\n bsc#1144333).\n\n - cifs: make minor clarifications to module params for\n cifs.ko (bsc#1144333).\n\n - cifs: make mknod() an smb_version_op (bsc#1144333).\n\n - cifs: make 'nodfs' mount opt a superblock flag\n (bsc#1051510, bsc#1144333).\n\n - cifs: make rmdir() use compounding (bsc#1144333).\n\n - cifs: make smb_send_rqst take an array of requests\n (bsc#1144333).\n\n - cifs: Make sure all data pages are signed correctly\n (bsc#1144333).\n\n - cifs: Make use of DFS cache to get new DFS referrals\n (bsc#1144333).\n\n - cifs: Mask off signals when sending SMB packets\n (bsc#1144333).\n\n - cifs: minor clarification in comments (bsc#1144333).\n\n - cifs: Minor Kconfig clarification (bsc#1144333).\n\n - cifs: minor updates to module description for cifs.ko\n (bsc#1144333).\n\n - cifs: Move credit processing to mid callbacks for SMB3\n (bsc#1144333).\n\n - cifs: move default port definitions to cifsglob.h\n (bsc#1144333).\n\n - cifs: move large array from stack to heap (bsc#1144333).\n\n - cifs: Move open file handling to writepages\n (bsc#1144333).\n\n - cifs: Move unlocking pages from wdata_send_pages()\n (bsc#1144333).\n\n - cifs: OFD locks do not conflict with eachothers\n (bsc#1051510, bsc#1144333).\n\n - cifs: Only free DFS target list if we actually got one\n (bsc#1144333).\n\n - cifs: Only send SMB2_NEGOTIATE command on new TCP\n connections (bsc#1144333).\n\n - cifs: only wake the thread for the very last PDU in a\n compound (bsc#1144333).\n\n - cifs: parse and store info on iface queries\n (bsc#1144333).\n\n - cifs: pass flags down into wait_for_free_credits()\n (bsc#1144333).\n\n - cifs: Pass page offset for calculating signature\n (bsc#1144333).\n\n - cifs: Pass page offset for encrypting (bsc#1144333).\n\n - cifs: pass page offsets on SMB1 read/write\n (bsc#1144333).\n\n - cifs: prevent integer overflow in nxt_dir_entry()\n (bsc#1051510, bsc#1144333).\n\n - cifs: prevent starvation in wait_for_free_credits for\n multi-credit requests (bsc#1144333).\n\n - cifs: print CIFSMaxBufSize as part of\n /proc/fs/cifs/DebugData (bsc#1144333).\n\n - cifs: Print message when attempting a mount\n (bsc#1144333).\n\n - cifs: Properly handle auto disabling of serverino option\n (bsc#1144333).\n\n - cifs: protect against server returning invalid file\n system block size (bsc#1144333).\n\n - cifs: prototype declaration and definition for smb 2 - 3\n and cifsacl mount options (bsc#1051510, bsc#1144333).\n\n - cifs: prototype declaration and definition to set acl\n for smb 2 - 3 and cifsacl mount options (bsc#1051510,\n bsc#1144333).\n\n - cifs: push rfc1002 generation down the stack\n (bsc#1144333).\n\n - cifs: read overflow in is_valid_oplock_break()\n (bsc#1144333).\n\n - cifs: Reconnect expired SMB sessions (bnc#1060662).\n\n - cifs: refactor and clean up arguments in the reparse\n point parsing (bsc#1144333).\n\n - cifs: refactor crypto shash/sdesc allocation&free\n (bsc#1051510, bsc#1144333).\n\n - cifs: Refactor out cifs_mount() (bsc#1144333).\n\n - cifs: release auth_key.response for reconnect\n (bsc#1085536, bsc#1144333).\n\n - cifs: release cifs root_cred after exit_cifs\n (bsc#1085536, bsc#1144333).\n\n - cifs: remove coverity warning in calc_lanman_hash\n (bsc#1144333).\n\n - cifs: Remove custom credit adjustments for SMB2 async IO\n (bsc#1144333).\n\n - cifs: remove header_preamble_size where it is always 0\n (bsc#1144333).\n\n - cifs: remove redundant duplicated assignment of pointer\n 'node' (bsc#1144333).\n\n - cifs: remove rfc1002 hardcoded constants from\n cifs_discard_remaining_data() (bsc#1144333).\n\n - cifs: remove rfc1002 header from all SMB2 response\n structures (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_close_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_create_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_echo_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_flush_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_ioctl_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_lease_ack\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_lock_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_logoff_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_negotiate_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_oplock_break we\n get from server (bsc#1144333).\n\n - cifs: remove rfc1002 header from\n smb2_query_directory_req (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_query_info_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2 read/write\n requests (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_sess_setup_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_set_info_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from smb2_tree_connect_req\n (bsc#1144333).\n\n - cifs: remove rfc1002 header from\n smb2_tree_disconnect_req (bsc#1144333).\n\n - cifs: remove set but not used variable 'cifs_sb'\n (bsc#1144333).\n\n - cifs: remove set but not used variable 'sep'\n (bsc#1144333).\n\n - cifs: remove set but not used variable 'server'\n (bsc#1144333).\n\n - cifs: remove set but not used variable 'smb_buf'\n (bsc#1144333).\n\n - cifs: remove small_smb2_init (bsc#1144333).\n\n - cifs: remove smb2_send_recv() (bsc#1144333).\n\n - cifs: remove struct smb2_hdr (bsc#1144333).\n\n - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333).\n\n - cifs: remove the is_falloc argument to SMB2_set_eof\n (bsc#1144333).\n\n - cifs: remove unused stats (bsc#1144333).\n\n - cifs: remove unused value pointed out by Coverity\n (bsc#1144333).\n\n - cifs: remove unused variable from SMB2_read\n (bsc#1144333).\n\n - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP\n (bsc#1144333).\n\n - cifs: Reopen file before get SMB2 MTU credits for async\n IO (bsc#1144333).\n\n - cifs: replace a 4 with\n server->vals->header_preamble_size (bsc#1144333).\n\n - cifs: replace snprintf with scnprintf (bsc#1144333).\n\n - cifs: Respect reconnect in MTU credits calculations\n (bsc#1144333).\n\n - cifs: Respect reconnect in non-MTU credits calculations\n (bsc#1144333).\n\n - cifs: Respect SMB2 hdr preamble size in read responses\n (bsc#1144333).\n\n - cifs: return correct errors when pinning memory failed\n for direct I/O (bsc#1144333).\n\n - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333).\n\n - cifs: return -ENODATA when deleting an xattr that does\n not exist (bsc#1144333).\n\n - cifs: Return error code when getting file handle for\n writeback (bsc#1144333).\n\n - cifs: return error on invalid value written to cifsFYI\n (bsc#1144333).\n\n - cifs: Save TTL value when parsing DFS referrals\n (bsc#1144333).\n\n - cifs: Select all required crypto modules (bsc#1085536,\n bsc#1144333).\n\n - cifs: set mapping error when page writeback fails in\n writepage or launder_pages (bsc#1144333).\n\n - cifs: set oparms.create_options rather than or'ing in\n CREATE_OPEN_BACKUP_INTENT (bsc#1144333).\n\n - cifs: Set reconnect instance to one initially\n (bsc#1144333).\n\n - cifs: set *resp_buf_type to NO_BUFFER on error\n (bsc#1144333).\n\n - cifs: Show locallease in /proc/mounts for cifs shares\n mounted with locallease feature (bsc#1144333).\n\n - cifs: show 'soft' in the mount options for hard mounts\n (bsc#1144333).\n\n - cifs: show the w bit for writeable /proc/fs/cifs/* files\n (bsc#1144333).\n\n - cifs: silence compiler warnings showing up with\n gcc-8.0.0 (bsc#1090734, bsc#1144333).\n\n - cifs: Silence uninitialized variable warning\n (bsc#1144333).\n\n - cifs: simple stats should always be enabled\n (bsc#1144333).\n\n - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef\n (bsc#1144333). - Update config files.\n\n - cifs: simplify how we handle credits in\n compound_send_recv() (bsc#1144333).\n\n - cifs: Skip any trailing backslashes from UNC\n (bsc#1144333).\n\n - cifs: smb2 commands can not be negative, remove\n confusing check (bsc#1144333).\n\n - cifs: smb2ops: Fix listxattr() when there are no EAs\n (bsc#1051510, bsc#1144333).\n\n - cifs: smb2ops: Fix NULL check in smb2_query_symlink\n (bsc#1144333).\n\n - cifs: smb2pdu: Fix potential NULL pointer dereference\n (bsc#1144333).\n\n - cifs: SMBD: Add parameter rdata to smb2_new_read_req\n (bsc#1144333).\n\n - cifs: SMBD: Add rdma mount option (bsc#1144333).\n\n - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333).\n\n - cifs: SMBD: Add SMB Direct protocol initial values and\n constants (bsc#1144333).\n\n - cifs: smbd: Avoid allocating iov on the stack\n (bsc#1144333).\n\n - cifs: smbd: avoid reconnect lockup (bsc#1144333).\n\n - cifs: smbd: Check for iov length on sending the last iov\n (bsc#1144333).\n\n - cifs: smbd: depend on INFINIBAND_ADDR_TRANS\n (bsc#1144333).\n\n - cifs: SMBD: Disable signing on SMB direct transport\n (bsc#1144333).\n\n - cifs: smbd: disconnect transport on RDMA errors\n (bsc#1144333).\n\n - cifs: SMBD: Do not call ib_dereg_mr on invalidated\n memory registration (bsc#1144333).\n\n - cifs: smbd: Do not destroy transport on RDMA disconnect\n (bsc#1144333).\n\n - cifs: smbd: Do not use RDMA read/write when signing is\n used (bsc#1144333).\n\n - cifs: smbd: Dump SMB packet when configured\n (bsc#1144333).\n\n - cifs: smbd: Enable signing with smbdirect (bsc#1144333).\n\n - cifs: SMBD: Establish SMB Direct connection\n (bsc#1144333).\n\n - cifs: SMBD: export protocol initial values\n (bsc#1144333).\n\n - cifs: SMBD: fix spelling mistake: faield and legnth\n (bsc#1144333).\n\n - cifs: SMBD: Fix the definition for\n SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333).\n\n - cifs: SMBD: Implement function to create a SMB Direct\n connection (bsc#1144333).\n\n - cifs: SMBD: Implement function to destroy a SMB Direct\n connection (bsc#1144333).\n\n - cifs: SMBD: Implement function to receive data via RDMA\n receive (bsc#1144333).\n\n - cifs: SMBD: Implement function to reconnect to a SMB\n Direct transport (bsc#1144333).\n\n - cifs: SMBD: Implement function to send data via RDMA\n send (bsc#1144333).\n\n - cifs: SMBD: Implement RDMA memory registration\n (bsc#1144333).\n\n - cifs: smbd: Indicate to retry on transport sending\n failure (bsc#1144333).\n\n - cifs: SMBD: Read correct returned data length for RDMA\n write (SMB read) I/O (bsc#1144333).\n\n - cifs: smbd: Retry on memory registration failure\n (bsc#1144333).\n\n - cifs: smbd: Return EINTR when interrupted (bsc#1144333).\n\n - cifs: SMBD: Set SMB Direct maximum read or write size\n for I/O (bsc#1144333).\n\n - cifs: SMBD: _smbd_get_connection() can be static\n (bsc#1144333).\n\n - cifs: SMBD: Support page offset in memory registration\n (bsc#1144333).\n\n - cifs: SMBD: Support page offset in RDMA recv\n (bsc#1144333).\n\n - cifs: SMBD: Support page offset in RDMA send\n (bsc#1144333).\n\n - cifs: smbd: take an array of reqeusts when sending upper\n layer data (bsc#1144333).\n\n - cifs: SMBD: Upper layer connects to SMBDirect session\n (bsc#1144333).\n\n - cifs: SMBD: Upper layer destroys SMB Direct session on\n shutdown or umount (bsc#1144333).\n\n - cifs: SMBD: Upper layer performs SMB read via RDMA write\n through memory registration (bsc#1144333).\n\n - cifs: SMBD: Upper layer performs SMB write via RDMA read\n through memory registration (bsc#1144333).\n\n - cifs: SMBD: Upper layer receives data via RDMA receive\n (bsc#1144333).\n\n - cifs: SMBD: Upper layer reconnects to SMB Direct session\n (bsc#1144333).\n\n - cifs: SMBD: Upper layer sends data via RDMA send\n (bsc#1144333).\n\n - cifs:smbd Use the correct DMA direction when sending\n data (bsc#1144333).\n\n - cifs:smbd When reconnecting to server, call\n smbd_destroy() after all MIDs have been called\n (bsc#1144333).\n\n - cifs: SMBD: work around gcc -Wmaybe-uninitialized\n warning (bsc#1144333).\n\n - cifs: start DFS cache refresher in cifs_mount()\n (bsc#1144333).\n\n - cifs: store the leaseKey in the fid on SMB2_open\n (bsc#1051510, bsc#1144333).\n\n - cifs: suppress some implicit-fallthrough warnings\n (bsc#1144333).\n\n - cifs: track writepages in vfs operation counters\n (bsc#1144333).\n\n - cifs: Try to acquire credits at once for compound\n requests (bsc#1144333).\n\n - cifs: update calc_size to take a server argument\n (bsc#1144333).\n\n - cifs: update init_sg, crypt_message to take an array of\n rqst (bsc#1144333).\n\n - cifs: update internal module number (bsc#1144333).\n\n - cifs: update internal module version number\n (bsc#1144333).\n\n - cifs: update internal module version number\n (bsc#1144333).\n\n - cifs: update internal module version number\n (bsc#1144333).\n\n - cifs: update internal module version number\n (bsc#1144333).\n\n - cifs: update internal module version number\n (bsc#1144333).\n\n - cifs: update internal module version number for cifs.ko\n to 2.12 (bsc#1144333).\n\n - cifs: update internal module version number for cifs.ko\n to 2.12 (bsc#1144333).\n\n - cifs: update internal module version number for cifs.ko\n to 2.14 (bsc#1144333).\n\n - cifs: update module internal version number\n (bsc#1144333).\n\n - cifs: update multiplex loop to handle compounded\n responses (bsc#1144333).\n\n - cifs: update receive_encrypted_standard to handle\n compounded responses (bsc#1144333).\n\n - cifs: update smb2_calc_size to use smb2_sync_hdr instead\n of smb2_hdr (bsc#1144333).\n\n - cifs: update smb2_check_message to handle PDUs without a\n 4 byte length header (bsc#1144333).\n\n - cifs: update smb2_queryfs() to use compounding\n (bsc#1144333).\n\n - cifs: update __smb_send_rqst() to take an array of\n requests (bsc#1144333).\n\n - cifs: use a compound for setting an xattr (bsc#1144333).\n\n - cifs: use a refcount to protect open/closing the cached\n file handle (bsc#1144333).\n\n - cifs: use correct format characters (bsc#1144333).\n\n - cifs: Use correct packet length in SMB2_TRANSFORM header\n (bsc#1144333).\n\n - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount()\n (bsc#1144333).\n\n - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333).\n\n - cifs: Use kmemdup rather than duplicating its\n implementation in smb311_posix_mkdir() (bsc#1144333).\n\n - cifs: Use kzfree() to free password (bsc#1144333).\n\n - cifs: Use offset when reading pages (bsc#1144333).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options getacl\n functions (bsc#1051510, bsc#1144333).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options setacl\n function (bsc#1051510, bsc#1144333).\n\n - cifs: use tcon_ipc instead of use_ipc parameter of\n SMB2_ioctl (bsc#1071306, bsc#1144333).\n\n - cifs: use the correct length when pinning memory for\n direct I/O for write (bsc#1144333).\n\n - cifs: Use ULL suffix for 64-bit constant (bsc#1051510,\n bsc#1144333).\n\n - cifs: wait_for_free_credits() make it possible to wait\n for >=1 credits (bsc#1144333).\n\n - cifs: we can not use small padding iovs together with\n encryption (bsc#1144333).\n\n - cifs: When sending data on socket, pass the correct page\n offset (bsc#1144333).\n\n - cifs: zero-range does not require the file is sparse\n (bsc#1144333).\n\n - cifs: zero sensitive data when freeing (bsc#1087092,\n bsc#1144333).\n\n - Cleanup some minor endian issues in smb3 rdma\n (bsc#1144333).\n\n - clk: add clk_bulk_get accessories (bsc#1144813).\n\n - clk: bcm2835: remove pllb (jsc#SLE-7294).\n\n - clk: bcm283x: add driver interfacing with Raspberry Pi's\n firmware (jsc#SLE-7294).\n\n - clk: bulk: silently error out on EPROBE_DEFER\n (bsc#1144718,bsc#1144813).\n\n - clk: Export clk_bulk_prepare() (bsc#1144813).\n\n - clk: raspberrypi: register platform device for\n raspberrypi-cpufreq (jsc#SLE-7294).\n\n - clk: renesas: cpg-mssr: Fix reset control race condition\n (bsc#1051510).\n\n - clk: rockchip: Add 1.6GHz PLL rate for rk3399\n (bsc#1144718,bsc#1144813).\n\n - clk: rockchip: assign correct id for pclk_ddr and\n hclk_sd in rk3399 (bsc#1144718,bsc#1144813).\n\n - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling\n (bsc#1051510).\n\n - coredump: split pipe command whitespace before expanding\n template (bsc#1051510).\n\n - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294).\n\n - cpufreq: dt: Try freeing static OPPs only if we have\n added them (jsc#SLE-7294).\n\n - cpu/speculation: Warn on unsupported mitigations=\n parameter (bsc#1114279).\n\n - crypto: ccp - Add support for valid authsize values less\n than 16 (bsc#1051510).\n\n - crypto: ccp - Fix oops by properly managing allocated\n structures (bsc#1051510).\n\n - crypto: ccp - Ignore tag length when decrypting GCM\n ciphertext (bsc#1051510).\n\n - crypto: ccp - Ignore unconfigured CCP device on\n suspend/resume (bnc#1145934).\n\n - crypto: ccp - Validate buffer lengths for copy\n operations (bsc#1051510).\n\n - cx82310_eth: fix a memory leak bug (bsc#1051510).\n\n - devres: always use dev_name() in devm_ioremap_resource()\n (git fixes).\n\n - dfs_cache: fix a wrong use of kfree in flush_cache_ent()\n (bsc#1144333).\n\n - dmaengine: rcar-dmac: Reject zero-length slave DMA\n requests (bsc#1051510).\n\n - dm btree: fix order of block initialization in\n btree_split_beneath (git fixes).\n\n - dm bufio: fix deadlock with loop device (git fixes).\n\n - dm cache metadata: Fix loading discard bitset (git\n fixes).\n\n - dm crypt: do not overallocate the integrity tag space\n (git fixes).\n\n - dm crypt: fix parsing of extended IV arguments (git\n fixes).\n\n - dm delay: fix a crash when invalid device is specified\n (git fixes).\n\n - dm: fix to_sector() for 32bit (git fixes).\n\n - dm integrity: change memcmp to strncmp in\n dm_integrity_ctr (git fixes).\n\n - dm integrity: limit the rate of error messages (git\n fixes).\n\n - dm kcopyd: always complete failed jobs (git fixes).\n\n - dm log writes: make sure super sector log updates are\n written in order (git fixes).\n\n - dm raid: add missing cleanup in raid_ctr() (git fixes).\n\n - dm: revert 8f50e358153d ('dm: limit the max bio size as\n BIO_MAX_PAGES * PAGE_SIZE') (git fixes).\n\n - dm space map metadata: fix missing store of apply_bops()\n return value (git fixes).\n\n - dm table: fix invalid memory accesses with too high\n sector number (git fixes).\n\n - dm table: propagate BDI_CAP_STABLE_WRITES to fix\n sporadic checksum errors (git fixes).\n\n - dm thin: fix bug where bio that overwrites thin block\n ignores FUA (git fixes).\n\n - dm thin: fix passdown_double_checking_shared_status()\n (git fixes).\n\n - dm zoned: fix potential NULL dereference in\n dmz_do_reclaim() (git fixes).\n\n - dm zoned: Fix zone report handling (git fixes).\n\n - dm zoned: fix zone state management race (git fixes).\n\n - dm zoned: improve error handling in i/o map code (git\n fixes).\n\n - dm zoned: improve error handling in reclaim (git fixes).\n\n - dm zoned: properly handle backing device failure (git\n fixes).\n\n - dm zoned: Silence a static checker warning (git fixes).\n\n - Do not log confusing message on reconnect by default\n (bsc#1129664, bsc#1144333).\n\n - Do not log expected error on DFS referral request\n (bsc#1051510, bsc#1144333).\n\n - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS\n ioctl (bsc#1051510).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate\n some strings (bsc#1051510).\n\n - drm/amdgpu/psp: move psp version specific function\n pointers to (bsc#1135642)\n\n - drm/etnaviv: add missing failure path to destroy\n suballoc (bsc#1135642)\n\n - drm/i915: Do not deballoon unused ggtt drm_mm_node in\n linux guest (bsc#1142635)\n\n - drm/i915: Fix wrong escape clock divisor init for GLK\n (bsc#1142635)\n\n - drm/i915/perf: ensure we keep a reference on the driver\n (bsc#1142635)\n\n - drm/i915: Restore relaxed padding\n (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635)\n\n - drm/i915/userptr: Acquire the page lock around\n set_page_dirty() (bsc#1051510).\n\n - drm/imx: notify drm core before sending event during\n crtc disable (bsc#1135642)\n\n - drm/imx: only send event on crtc disable if kept\n disabled (bsc#1135642)\n\n - drm/mediatek: call drm_atomic_helper_shutdown() when\n unbinding driver (bsc#1135642)\n\n - drm/mediatek: call mtk_dsi_stop() after\n mtk_drm_crtc_atomic_disable() (bsc#1135642)\n\n - drm/mediatek: clear num_pipes when unbind driver\n (bsc#1135642)\n\n - drm/mediatek: fix unbind functions (bsc#1135642)\n\n - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before\n goto (bsc#1142635)\n\n - drm/mediatek: unbind components in mtk_drm_unbind()\n (bsc#1135642)\n\n - drm/mediatek: use correct device to import PRIME buffers\n (bsc#1142635)\n\n - drm: msm: Fix add_gpu_components (bsc#1051510).\n\n - drm/msm/mdp5: Fix mdp5_cfg_init error return\n (bsc#1142635)\n\n - drm/nouveau: Do not retry infinitely when receiving no\n data on i2c (bsc#1142635)\n\n - drm/nouveau: fix memory leak in nouveau_conn_reset()\n (bsc#1051510).\n\n - drm/rockchip: Suspend DP late (bsc#1142635)\n\n - drm: silence variable 'conn' set but not used\n (bsc#1051510).\n\n - drm/udl: introduce a macro to convert dev to udl.\n (bsc#1113722)\n\n - drm/udl: move to embedding drm device inside udl device.\n (bsc#1113722)\n\n - drm/vmwgfx: fix a warning due to missing dma_parms\n (bsc#1135642)\n\n - drm/vmwgfx: fix memory leak when too many retries have\n occurred (bsc#1051510).\n\n - drm/vmwgfx: Use the backdoor port if the HB port is not\n available (bsc#1135642)\n\n - Drop an ASoC fix that was reverted in 4.14.y stable\n\n - ehea: Fix a copy-paste err in ehea_init_port_res\n (bsc#1051510).\n\n - ext4: use jbd2_inode dirty range scoping (bsc#1148616).\n\n - firmware: raspberrypi: register clk device\n (jsc#SLE-7294).\n\n - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935\n allow write on the same file (bsc#1144333).\n\n - Fix encryption labels and lengths for SMB3.1.1\n (bsc#1085536, bsc#1144333).\n\n - fix incorrect error code mapping for OBJECTID_NOT_FOUND\n (bsc#1144333).\n\n - Fix kABI after KVM fixes\n\n - Fix match_server check to allow for auto dialect\n negotiate (bsc#1144333).\n\n - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536,\n bsc#1144333).\n\n - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y\n (bsc#1051510, bsc#1144333).\n\n - fix struct ufs_req removal of unused field (git-fixes).\n\n - Fix warning messages when mounting to older servers\n (bsc#1144333).\n\n - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333).\n\n - fs: cifs: cifsssmb: Change return type of\n convert_ace_to_cifs_ace (bsc#1144333).\n\n - fs/cifs: do not translate SFM_SLASH (U+F026) to\n backslash (bsc#1144333).\n\n - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL)\n (bsc#1144333).\n\n - fs/cifs: fix uninitialised variable warnings\n (bsc#1144333).\n\n - fs: cifs: Kconfig: pedantic formatting (bsc#1144333).\n\n - fs: cifs: Replace _free_xid call in cifs_root_iget\n function (bsc#1144333).\n\n - fs/cifs: require sha512 (bsc#1051510, bsc#1144333).\n\n - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls\n (bsc#1144333).\n\n - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free\n (bsc#1144333).\n\n - fs/cifs: suppress a string overflow warning\n (bsc#1144333).\n\n - fs/*/Kconfig: drop links to 404-compliant\n http://acl.bestbits.at (bsc#1144333).\n\n - fsl/fman: Use GFP_ATOMIC in\n (memac,tgec)_add_hash_mac_address() (bsc#1051510).\n\n - fs/xfs: Fix return code of xfs_break_leased_layouts()\n (bsc#1148031).\n\n - fs: xfs: xfs_log: Do not use KM_MAYFAIL at\n xfs_log_reserve() (bsc#1148033).\n\n - ftrace: Check for empty hash and comment the race with\n registering probes (bsc#1149418).\n\n - ftrace: Check for successful allocation of hash\n (bsc#1149424).\n\n - ftrace: Fix NULL pointer dereference in t_probe_next()\n (bsc#1149413).\n\n - gpio: Fix build error of function redefinition\n (bsc#1051510).\n\n - gpio: gpio-omap: add check for off wake capable gpios\n (bsc#1051510).\n\n - gpiolib: fix incorrect IRQ requesting of an active-low\n lineevent (bsc#1051510).\n\n - gpiolib: never report open-drain/source lines as 'input'\n to user-space (bsc#1051510).\n\n - gpio: mxs: Get rid of external API call (bsc#1051510).\n\n - gpio: pxa: handle corner case of unprobed device\n (bsc#1051510).\n\n - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM\n (bsc#1142635)\n\n - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT\n (bsc#1051510).\n\n - HID: Add quirk for HP X1200 PIXART OEM mouse\n (bsc#1051510).\n\n - HID: cp2112: prevent sleeping function called from\n invalid context (bsc#1051510).\n\n - HID: hiddev: avoid opening a disconnected device\n (bsc#1051510).\n\n - HID: hiddev: do cleanup in failure of opening a device\n (bsc#1051510).\n\n - HID: holtek: test for sanity of intfdata (bsc#1051510).\n\n - HID: sony: Fix race condition between rumble and device\n remove (bsc#1051510).\n\n - HID: wacom: Correct distance scale for 2nd-gen Intuos\n devices (bsc#1142635).\n\n - HID: wacom: correct misreported EKR ring values\n (bsc#1142635).\n\n - HID: wacom: fix bit shift for Cintiq Companion 2\n (bsc#1051510).\n\n - hwmon: (nct7802) Fix wrong detection of in4 presence\n (bsc#1051510).\n\n - i2c: emev2: avoid race when unregistering slave client\n (bsc#1051510).\n\n - i2c: piix4: Fix port selection for AMD Family 16h Model\n 30h (bsc#1051510).\n\n - i2c: qup: fixed releasing dma without flush operation\n completion (bsc#1051510).\n\n - IB/mlx5: Fix MR registration flow to use UMR properly\n (bsc#1093205 bsc#1145678).\n\n - ibmveth: Convert multicast list size for little-endian\n system (bsc#1061843).\n\n - ibmvnic: Do not process reset during or after device\n removal (bsc#1149652 ltc#179635).\n\n - ibmvnic: Unmap DMA address of TX descriptor buffers\n after use (bsc#1146351 ltc#180726).\n\n - igmp: fix memory leak in igmpv3_del_delrec()\n (networking-stable-19_07_25).\n\n - iio: adc: max9611: Fix misuse of GENMASK macro\n (bsc#1051510).\n\n - iio: adc: max9611: Fix temperature reading in probe\n (bsc#1051510).\n\n - Improve security, move default dialect to SMB3 from old\n CIFS (bsc#1051510, bsc#1144333).\n\n - include/linux/bitops.h: sanitize rotate primitives (git\n fixes).\n\n - Input: iforce - add sanity checks (bsc#1051510).\n\n - Input: kbtab - sanity check for endpoint type\n (bsc#1051510).\n\n - Input: synaptics - enable RMI mode for HP Spectre X360\n (bsc#1051510).\n\n - intel_th: pci: Add support for another Lewisburg PCH\n (bsc#1051510).\n\n - intel_th: pci: Add Tiger Lake support (bsc#1051510).\n\n - iommu/amd: Add support for X2APIC IOMMU interrupts\n (bsc#1145010).\n\n - iommu/amd: Fix race in increase_address_space()\n (bsc#1150860).\n\n - iommu/amd: Flush old domains in kdump kernel\n (bsc#1150861).\n\n - iommu/amd: Move iommu_init_pci() to .init section\n (bsc#1149105).\n\n - iommu/dma: Handle SG length overflow better\n (bsc#1146084).\n\n - ipip: validate header length in ipip_tunnel_xmit\n (git-fixes).\n\n - ipv4: do not set IPv6 only flags to IPv4 addresses\n (networking-stable-19_07_25).\n\n - irqchip/gic-v3-its: fix build warnings (bsc#1144880).\n\n - ISDN: hfcsusb: checking idx of ep configuration\n (bsc#1051510).\n\n - isdn: hfcsusb: Fix mISDN driver crash caused by transfer\n buffer on the stack (bsc#1051510).\n\n - isdn: mISDN: hfcsusb: Fix possible NULL pointer\n dereferences in start_isoc_chain() (bsc#1051510).\n\n - iwlwifi: dbg: split iwl_fw_error_dump to two functions\n (bsc#1119086).\n\n - iwlwifi: do not unmap as page memory that was mapped as\n single (bsc#1051510).\n\n - iwlwifi: fix bad dma handling in page_mem dumping flow\n (bsc#1120902).\n\n - iwlwifi: fw: use helper to determine whether to dump\n paging (bsc#1106434). Patch needed to be adjusted,\n because our tree does not have the global variable\n IWL_FW_ERROR_DUMP_PAGING\n\n - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version\n < 41 (bsc#1142635).\n\n - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510).\n\n - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT\n support (bsc#1142635).\n\n - iwlwifi: pcie: do not service an interrupt that was\n masked (bsc#1142635).\n\n - iwlwifi: pcie: fix ALIVE interrupt handling for gen2\n devices w/o MSI-X (bsc#1142635).\n\n - jbd2: flush_descriptor(): Do not decrease buffer head's\n ref count (bsc#1143843).\n\n - jbd2: introduce jbd2_inode dirty range scoping\n (bsc#1148616).\n\n - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010).\n\n - kasan: remove redundant initialization of variable\n 'real_size' (git fixes).\n\n - kconfig/[mn]conf: handle backspace (^H) key\n (bsc#1051510).\n\n - keys: Fix missing NULL pointer check in\n request_key_auth_describe() (bsc#1051510).\n\n - KVM: Fix leak vCPU's VMCS value into other pCPU\n (bsc#1145388).\n\n - KVM: LAPIC: Fix pending interrupt in IRR blocked by\n software disable LAPIC (bsc#1145408).\n\n - KVM: nVMX: allow setting the VMFUNC controls MSR\n (bsc#1145389).\n\n - KVM: nVMX: do not use dangling shadow VMCS after guest\n reset (bsc#1145390).\n\n - kvm: nVMX: Remove unnecessary sync_roots from\n handle_invept (bsc#1145391).\n\n - KVM: nVMX: Use adjusted pin controls for vmcs02\n (bsc#1145392).\n\n - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation\n (bsc#1061840).\n\n - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT\n with bad value (bsc#1145393).\n\n - KVM: VMX: check CPUID before allowing read/write of\n IA32_XSS (bsc#1145394).\n\n - KVM: VMX: Fix handling of #MC that occurs during\n VM-Entry (bsc#1145395).\n\n - KVM: x86: degrade WARN to pr_warn_ratelimited\n (bsc#1145409).\n\n - KVM: x86: Do not update RIP or do single-step on\n faulting emulation (bsc#1149104).\n\n - KVM: x86: fix backward migration with async_PF\n (bsc#1146074).\n\n - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array\n emulated_msrs (bsc#1134881 bsc#1134882).\n\n - KVM: X86: Reduce the overhead when lapic_timer_advance\n is disabled (bsc#1149083).\n\n - KVM: x86: Unconditionally enable irqs in guest context\n (bsc#1145396).\n\n - KVM: x86/vPMU: refine kvm_pmu err msg when event\n creation failed (bsc#1145397).\n\n - lan78xx: Fix memory leaks (bsc#1051510).\n\n - libata: add SG safety checks in SFF pio transfers\n (bsc#1051510).\n\n - libata: have ata_scsi_rw_xlat() fail invalid passthrough\n requests (bsc#1051510).\n\n - libceph: allow ceph_buffer_put() to receive a NULL\n ceph_buffer (bsc#1148133).\n\n - libceph: fix PG split vs OSD (re)connect race\n (bsc#1148133).\n\n - libnvdimm/pfn: Store correct value of npfns in namespace\n superblock (bsc#1146381 ltc#180720).\n\n - liquidio: add cleanup in octeon_setup_iq()\n (bsc#1051510).\n\n - loop: set PF_MEMALLOC_NOIO for the worker thread (git\n fixes).\n\n - mac80211: do not warn about CW params when not using\n them (bsc#1051510).\n\n - mac80211: do not WARN on short WMM parameters from AP\n (bsc#1051510).\n\n - mac80211: fix possible memory leak in\n ieee80211_assign_beacon (bsc#1142635).\n\n - mac80211: fix possible sta leak (bsc#1051510).\n\n - md: add mddev->pers to avoid potential NULL pointer\n dereference (git fixes).\n\n - md/raid: raid5 preserve the writeback action after the\n parity check (git fixes).\n\n - media: au0828: fix null dereference in error path\n (bsc#1051510).\n\n - media: pvrusb2: use a different format for warnings\n (bsc#1051510).\n\n - mfd: arizona: Fix undefined behavior (bsc#1051510).\n\n - mfd: core: Set fwnode for created devices (bsc#1051510).\n\n - mfd: hi655x-pmic: Fix missing return value check for\n devm_regmap_init_mmio_clk (bsc#1051510).\n\n - mfd: intel-lpss: Add Intel Comet Lake PCI IDs\n (jsc#SLE-4875).\n\n - mm: add filemap_fdatawait_range_keep_errors()\n (bsc#1148616).\n\n - mmc: cavium: Add the missing dma unmap when the dma has\n finished (bsc#1051510).\n\n - mmc: cavium: Set the correct dma max segment size for\n mmc_host (bsc#1051510).\n\n - mmc: core: Fix init of SD cards reporting an invalid VDD\n range (bsc#1051510).\n\n - mmc: dw_mmc: Fix occasional hang after tuning on eMMC\n (bsc#1051510).\n\n - mmc: sdhci-of-at91: add quirk for broken HS200\n (bsc#1051510).\n\n - mmc: sdhci-pci: Add support for Intel CML\n (jsc#SLE-4875).\n\n - mmc: sdhci-pci: Add support for Intel ICP\n (jsc#SLE-4875).\n\n - mm: do not stall register_shrinker() (bsc#1104902, VM\n Performance).\n\n - mm/hmm: fix bad subpage pointer in try_to_unmap_one\n (bsc#1148202, HMM, VM Functionality).\n\n - mm/hotplug: fix offline undo_isolate_page_range()\n (bsc#1148196, VM Functionality).\n\n - mm/list_lru.c: fix memory leak in\n __memcg_init_list_lru_node (bsc#1148379, VM\n Functionality).\n\n - mm/memcontrol.c: fix use after free in mem_cgroup_iter()\n (bsc#1149224, VM Functionality).\n\n - mm/memory.c: recheck page table entry with page table\n lock held (bsc#1148363, VM Functionality).\n\n - mm/migrate.c: initialize pud_entry in migrate_vma()\n (bsc#1148198, HMM, VM Functionality).\n\n - mm/mlock.c: change count_mm_mlocked_page_nr return type\n (bsc#1148527, VM Functionality).\n\n - mm/mlock.c: mlockall error for flag MCL_ONFAULT\n (bsc#1148527, VM Functionality).\n\n - mm/page_alloc.c: fix calculation of pgdat->nr_zones\n (bsc#1148192, VM Functionality).\n\n - mm: page_mapped: do not assume compound page is huge or\n THP (bsc#1148574, VM Functionality).\n\n - mm, page_owner: handle THP splits correctly\n (bsc#1149197, VM Debugging Functionality).\n\n - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()\n (bsc#1118689).\n\n - mm/vmscan.c: fix trying to reclaim unevictable LRU page\n (bsc#1149214, VM Functionality).\n\n - move a few externs to smbdirect.h to eliminate warning\n (bsc#1144333).\n\n - mpls: fix warning with multi-label encap (bsc#1051510).\n\n - nbd: replace kill_bdev() with __invalidate_device()\n again (git fixes).\n\n - Negotiate and save preferred compression algorithms\n (bsc#1144333).\n\n - net: bcmgenet: use promisc for unsupported filters\n (networking-stable-19_07_25).\n\n - net: bridge: mcast: fix stale ipv6 hdr pointer when\n handling v6 query (networking-stable-19_07_25).\n\n - net: bridge: mcast: fix stale nsrcs pointer in\n igmp3/mld2 report handling (networking-stable-19_07_25).\n\n - net: bridge: stp: do not cache eth dest pointer before\n skb pull (networking-stable-19_07_25).\n\n - net: dsa: mv88e6xxx: wait after reset deactivation\n (networking-stable-19_07_25).\n\n - net: ena: add ethtool function for changing io queue\n sizes (bsc#1139020 bsc#1139021).\n\n - net: ena: add good checksum counter (bsc#1139020\n bsc#1139021).\n\n - net: ena: add handling of llq max tx burst size\n (bsc#1139020 bsc#1139021).\n\n - net: ena: add MAX_QUEUES_EXT get feature admin command\n (bsc#1139020 bsc#1139021).\n\n - net: ena: add newline at the end of pr_err prints\n (bsc#1139020 bsc#1139021).\n\n - net: ena: add support for changing max_header_size in\n LLQ mode (bsc#1139020 bsc#1139021).\n\n - net: ena: allow automatic fallback to polling mode\n (bsc#1139020 bsc#1139021).\n\n - net: ena: allow queue allocation backoff when low on\n memory (bsc#1139020 bsc#1139021).\n\n - net: ena: arrange ena_probe() function variables in\n reverse christmas tree (bsc#1139020 bsc#1139021).\n\n - net: ena: enable negotiating larger Rx ring size\n (bsc#1139020 bsc#1139021).\n\n - net: ena: ethtool: add extra properties retrieval via\n get_priv_flags (bsc#1139020 bsc#1139021).\n\n - net: ena: Fix bug where ring allocation backoff stopped\n too late (bsc#1139020 bsc#1139021).\n\n - net: ena: fix ena_com_fill_hash_function()\n implementation (bsc#1139020 bsc#1139021).\n\n - net: ena: fix: Free napi resources when ena_up() fails\n (bsc#1139020 bsc#1139021).\n\n - net: ena: fix incorrect test of supported hash function\n (bsc#1139020 bsc#1139021).\n\n - net: ena: fix: set freed objects to NULL to avoid\n failing future allocations (bsc#1139020 bsc#1139021).\n\n - net: ena: fix swapped parameters when calling\n ena_com_indirect_table_fill_entry (bsc#1139020\n bsc#1139021).\n\n - net: ena: gcc 8: fix compilation warning (bsc#1139020\n bsc#1139021).\n\n - net: ena: improve latency by disabling adaptive\n interrupt moderation by default (bsc#1139020\n bsc#1139021).\n\n - net: ena: make ethtool show correct current and max\n queue sizes (bsc#1139020 bsc#1139021).\n\n - net: ena: optimise calculations for CQ doorbell\n (bsc#1139020 bsc#1139021).\n\n - net: ena: remove inline keyword from functions in *.c\n (bsc#1139020 bsc#1139021).\n\n - net: ena: replace free_tx/rx_ids union with single\n free_ids field in ena_ring (bsc#1139020 bsc#1139021).\n\n - net: ena: update driver version from 2.0.3 to 2.1.0\n (bsc#1139020 bsc#1139021).\n\n - net: ena: use dev_info_once instead of static variable\n (bsc#1139020 bsc#1139021).\n\n - net: Fix netdev_WARN_ONCE macro (git-fixes).\n\n - net/ibmvnic: Fix missing ( in __ibmvnic_reset\n (bsc#1149652 ltc#179635).\n\n - net/ibmvnic: free reset work of removed device from\n queue (bsc#1149652 ltc#179635).\n\n - net: Introduce netdev_*_once functions\n (networking-stable-19_07_25).\n\n - net: make skb_dst_force return true when dst is\n refcounted (networking-stable-19_07_25).\n\n - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw\n command (bsc#1145678).\n\n - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn\n (networking-stable-19_07_25).\n\n - net: neigh: fix multiple neigh timer scheduling\n (networking-stable-19_07_25).\n\n - net: openvswitch: fix csum updates for MPLS actions\n (networking-stable-19_07_25).\n\n - netrom: fix a memory leak in nr_rx_frame()\n (networking-stable-19_07_25).\n\n - netrom: hold sock when setting skb->destructor\n (networking-stable-19_07_25).\n\n - net_sched: unset TCQ_F_CAN_BYPASS when adding filters\n (networking-stable-19_07_25).\n\n - net: sched: verify that q!=NULL before setting q->flags\n (git-fixes).\n\n - net: usb: pegasus: fix improper read if get_registers()\n fail (bsc#1051510).\n\n - NFS: Cleanup if nfs_match_client is interrupted\n (bsc#1134291).\n\n - NFS: Fix a double unlock from nfs_match,get_client\n (bsc#1134291).\n\n - NFS: Fix the inode request accounting when pages have\n subrequests (bsc#1140012).\n\n - NFS: make nfs_match_client killable (bsc#1134291).\n\n - nilfs2: do not use unexported\n cpu_to_le32()/le32_to_cpu() in uapi header (git fixes).\n\n - nvme: cancel request synchronously (bsc#1145661).\n\n - nvme: change locking for the per-subsystem controller\n list (bsc#1142541).\n\n - nvme-core: Fix extra device_put() call on error path\n (bsc#1142541).\n\n - nvme-fc: fix module unloads while lports still pending\n (bsc#1150033).\n\n - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN\n (bsc#1146938).\n\n - nvme-multipath: fix ana log nsid lookup when nsid is not\n found (bsc#1141554).\n\n - nvme-multipath: relax ANA state check (bsc#1123105).\n\n - nvme-multipath: revalidate nvme_ns_head gendisk in\n nvme_validate_ns (bsc#1120876).\n\n - nvme: Return BLK_STS_TARGET if the DNR bit is set\n (bsc#1142076).\n\n - objtool: Add rewind_stack_do_exit() to the noreturn list\n (bsc#1145302).\n\n - objtool: Support GCC 9 cold subfunction naming scheme\n (bsc#1145300).\n\n - octeon_mgmt: Fix MIX registers configuration on MTU\n setup (bsc#1051510).\n\n - PCI: PM/ACPI: Refresh all stale power state data in\n pci_pm_complete() (bsc#1149106).\n\n - PCI: Restore Resizable BAR size bits correctly for 1MB\n BARs (bsc#1143841).\n\n - phy: qcom-qusb2: Fix crash if nvmem cell not specified\n (bsc#1051510).\n\n - phy: renesas: rcar-gen2: Fix memory leak at error paths\n (bsc#1051510).\n\n - PM / devfreq: rk3399_dmc: do not print error when get\n supply and clk defer (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: fix spelling mistakes\n (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: Pass ODT and auto power down\n parameters to TF-A (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: remove unneeded semicolon\n (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rk3399_dmc: remove wait for dcf irq event\n (bsc#1144718,bsc#1144813).\n\n - PM / devfreq: rockchip-dfi: Move GRF defin