SUSE SLES12 Security Update : xen (SUSE-SU-2020:1633-1)

2020-07-09T00:00:00

Description

This update for xen fixes the following issues : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205). Fixed an issue with efi boot when nvidia optimus or newer graphic cards are used (bsc#1168178).d Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "SUSE_SU-2020-1633-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:1633-1)", "description": "This update for xen fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nFixed an issue with efi boot when nvidia optimus or newer graphic cards are used (bsc#1168178).d\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-07-09T00:00:00", "modified": "2020-07-14T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/138266", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2020-0543/", "https://bugzilla.suse.com/show_bug.cgi?id=1172205", "https://bugzilla.suse.com/show_bug.cgi?id=1027519", "http://www.nessus.org/u?59b59be3", "https://bugzilla.suse.com/show_bug.cgi?id=1168178", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543"], "cvelist": ["CVE-2020-0543"], "immutableFields": [], "lastseen": "2023-07-20T15:02:55", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:3027"]}, {"type": "amazon", "idList": ["ALAS-2020-1396", "ALAS-2020-1401", "ALAS-2020-1465", "ALAS2-2020-1444"]}, {"type": "archlinux", "idList": ["ASA-202006-10"]}, {"type": "attackerkb", "idList": ["AKB:555EF2E1-269F-4133-8D13-B67EA80F8CC3"]}, {"type": "centos", "idList": ["CESA-2020:2430", "CESA-2020:2432", "CESA-2020:2433", "CESA-2020:2664", "CESA-2021:3028"]}, {"type": "citrix", "idList": ["CTX275165"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0835B914E665F771DA10821B3BDE2D9F", "CFOUNDRY:2B547AA94018245E71F37CB94BA4EEBC", "CFOUNDRY:A5CCCF4486FE273FEA953C57B224799B"]}, {"type": "cve", "idList": ["CVE-2020-0543"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2241-1:DE3AB", "DEBIAN:DLA-2241-2:3E557", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DLA-2248-1:806E4", "DEBIAN:DLA-2248-1:D7645", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4698-1:E1A7D", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4699-1:D5D43", "DEBIAN:DSA-4701-1:768E4", "DEBIAN:DSA-4701-1:BB3B8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-0543"]}, {"type": "f5", "idList": ["F5:K25920352"]}, {"type": "fedora", "idList": ["FEDORA:055473124314", "FEDORA:1E93431CA0AD", "FEDORA:29E8B30D1A9E", "FEDORA:2AE7F3118C24", "FEDORA:3A4183118C44", "FEDORA:3C5D13124326", "FEDORA:AEC7F30A071F"]}, {"type": "freebsd", "idList": ["FBCBA194-AC7D-11EA-8B5E-B42E99A1B9C3"]}, {"type": "hp", "idList": ["HP:C06655648"]}, {"type": "ibm", "idList": ["11A6D2D3E2F465B16C8FA5A033A65600813397804613FDB0328399EEA7561293", "570AF6CDC4F7E864E6852EBD03923041C13A884B424AC254820AD0EEB73694DF"]}, {"type": "ics", "idList": ["ICSA-20-252-07"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00320"]}, {"type": "lenovo", "idList": ["LENOVO:PS500327-INTEL-SPECIAL-REGISTER-BUFFER-DATA-SAMPLING-ADVISORY-NOSID", "LENOVO:PS500327-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2020-0298", "MGASA-2020-0333"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1444.NASL", "AL2_ALAS-2020-1465.NASL", "AL2_ALASKERNEL-5_4-2022-012.NASL", "ALA_ALAS-2020-1396.NASL", "ALA_ALAS-2020-1401.NASL", "ALMA_LINUX_ALSA-2021-3027.NASL", "CENTOS8_RHSA-2020-2431.NASL", "CENTOS8_RHSA-2021-3027.NASL", "CENTOS_RHSA-2020-2432.NASL", "CENTOS_RHSA-2020-2433.NASL", "CENTOS_RHSA-2021-3028.NASL", "DEBIAN_DLA-2241.NASL", "DEBIAN_DLA-2242.NASL", "DEBIAN_DLA-2248.NASL", "DEBIAN_DSA-4698.NASL", "DEBIAN_DSA-4699.NASL", "DEBIAN_DSA-4701.NASL", "EULEROS_SA-2020-1807.NASL", "EULEROS_SA-2020-1892.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2021-1684.NASL", "FEDORA_2020-11DDBFBDF0.NASL", "FEDORA_2020-1AFBE7BA2D.NASL", "FEDORA_2020-3364913ACE.NASL", "FEDORA_2020-E47D28BC2B.NASL", "FEDORA_2020-E8835A5F8E.NASL", "FREEBSD_PKG_FBCBA194AC7D11EA8B5EB42E99A1B9C3.NASL", "NEWSTART_CGSL_NS-SA-2020-0071_MICROCODE_CTL.NASL", "NEWSTART_CGSL_NS-SA-2021-0001_MICROCODE_CTL.NASL", "NEWSTART_CGSL_NS-SA-2021-0139_MICROCODE_CTL.NASL", "NEWSTART_CGSL_NS-SA-2022-0011_MICROCODE_CTL.NASL", "NEWSTART_CGSL_NS-SA-2022-0046_MICROCODE_CTL.NASL", "NEWSTART_CGSL_NS-SA-2022-0060_MICROCODE_CTL.NASL", "OPENSUSE-2020-791.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2020-818.NASL", "OPENSUSE-2020-965.NASL", "OPENSUSE-2020-985.NASL", "OPENSUSE-2021-242.NASL", "ORACLELINUX_ELSA-2020-2431.NASL", "ORACLELINUX_ELSA-2020-2432.NASL", "ORACLELINUX_ELSA-2020-2433.NASL", "ORACLELINUX_ELSA-2020-5714.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5722.NASL", "ORACLELINUX_ELSA-2020-5732.NASL", "ORACLELINUX_ELSA-2020-5750.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5756.NASL", "ORACLELINUX_ELSA-2021-3027.NASL", "ORACLELINUX_ELSA-2021-3028.NASL", "ORACLEVM_OVMSA-2020-0026.NASL", "ORACLEVM_OVMSA-2020-0027.NASL", "ORACLEVM_OVMSA-2020-0028.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "REDHAT-RHSA-2020-2431.NASL", "REDHAT-RHSA-2020-2432.NASL", "REDHAT-RHSA-2020-2433.NASL", "REDHAT-RHSA-2020-2677.NASL", "REDHAT-RHSA-2020-2679.NASL", "REDHAT-RHSA-2020-2680.NASL", "REDHAT-RHSA-2020-2706.NASL", "REDHAT-RHSA-2020-2707.NASL", "REDHAT-RHSA-2020-2757.NASL", "REDHAT-RHSA-2020-2758.NASL", "REDHAT-RHSA-2020-2771.NASL", "REDHAT-RHSA-2020-2842.NASL", "REDHAT-RHSA-2021-3027.NASL", "REDHAT-RHSA-2021-3028.NASL", "REDHAT-RHSA-2021-3029.NASL", "REDHAT-RHSA-2021-3176.NASL", "REDHAT-RHSA-2021-3255.NASL", "REDHAT-RHSA-2021-3317.NASL", "REDHAT-RHSA-2021-3322.NASL", "REDHAT-RHSA-2021-3323.NASL", "REDHAT-RHSA-2021-3364.NASL", "SLACKWARE_SSA_2020-163-01.NASL", "SL_20200610_MICROCODE_CTL_ON_SL6_X.NASL", "SL_20210809_MICROCODE_CTL_ON_SL7_X.NASL", "SUSE_SU-2020-14393-1.NASL", "SUSE_SU-2020-14394-1.NASL", "SUSE_SU-2020-14521-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1589-1.NASL", "SUSE_SU-2020-1595-1.NASL", "SUSE_SU-2020-1596-1.NASL", "SUSE_SU-2020-1597-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1601-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1609-1.NASL", "SUSE_SU-2020-1630-1.NASL", "SUSE_SU-2020-1632-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-1887-1.NASL", "SUSE_SU-2020-1889-1.NASL", "SUSE_SU-2020-1902-1.NASL", "SUSE_SU-2020-2487-1.NASL", "SUSE_SU-2020-2822-1.NASL", "UBUNTU_USN-4385-1.NASL", "UBUNTU_USN-4385-2.NASL", "UBUNTU_USN-4387-1.NASL", "UBUNTU_USN-4388-1.NASL", "UBUNTU_USN-4389-1.NASL", "UBUNTU_USN-4390-1.NASL", "UBUNTU_USN-4391-1.NASL", "UBUNTU_USN-5617-1.NASL", "VIRTUOZZO_VZA-2020-045.NASL", "XEN_SERVER_XSA-320.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108766", "OPENVAS:1361412562310108812", "OPENVAS:1361412562310704698", "OPENVAS:1361412562310704699", "OPENVAS:1361412562310704701", "OPENVAS:1361412562310844461", "OPENVAS:1361412562310844462", "OPENVAS:1361412562310844463", "OPENVAS:1361412562310844464", "OPENVAS:1361412562310844465", "OPENVAS:1361412562310844466", "OPENVAS:1361412562310844468", "OPENVAS:1361412562310853200", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310853214", "OPENVAS:1361412562310877958", "OPENVAS:1361412562310877968", "OPENVAS:1361412562310877977", "OPENVAS:1361412562310877980", "OPENVAS:1361412562310877999", "OPENVAS:1361412562310878006", "OPENVAS:1361412562310883249", "OPENVAS:1361412562310883250", "OPENVAS:1361412562310883251", "OPENVAS:1361412562310883257", "OPENVAS:1361412562310892241", "OPENVAS:1361412562310892242", "OPENVAS:1361412562310892248"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-2427", "ELSA-2020-2430", "ELSA-2020-2431", "ELSA-2020-2432", "ELSA-2020-2433", "ELSA-2020-2664", "ELSA-2020-2933", "ELSA-2020-3010", "ELSA-2020-4060", "ELSA-2020-5714", "ELSA-2020-5715", "ELSA-2020-5722", "ELSA-2020-5732", "ELSA-2020-5750", "ELSA-2020-5755", "ELSA-2020-5756", "ELSA-2020-5765", "ELSA-2020-5766", "ELSA-2021-3027", "ELSA-2021-3028"]}, {"type": "osv", "idList": ["OSV:CVE-2020-0543", "OSV:DLA-2241-1", "OSV:DLA-2242-1", "OSV:DLA-2248-1", "OSV:DSA-4698-1", "OSV:DSA-4699-1", "OSV:DSA-4701-1"]}, {"type": "photon", "idList": ["PHSA-2020-0108", "PHSA-2020-0256", "PHSA-2020-3.0-0108"]}, {"type": "redhat", "idList": ["RHSA-2020:2427", "RHSA-2020:2428", "RHSA-2020:2429", "RHSA-2020:2430", "RHSA-2020:2431", "RHSA-2020:2432", "RHSA-2020:2433", "RHSA-2020:2664", "RHSA-2020:2665", "RHSA-2020:2667", "RHSA-2020:2677", "RHSA-2020:2679", "RHSA-2020:2680", "RHSA-2020:2706", "RHSA-2020:2707", "RHSA-2020:2757", "RHSA-2020:2758", "RHSA-2020:2770", "RHSA-2020:2771", "RHSA-2020:2777", "RHSA-2020:2831", "RHSA-2020:2832", "RHSA-2020:2842", "RHSA-2020:2851", "RHSA-2020:3019", "RHSA-2021:3027", "RHSA-2021:3028", "RHSA-2021:3029", "RHSA-2021:3176", "RHSA-2021:3255", "RHSA-2021:3317", "RHSA-2021:3322", "RHSA-2021:3323", "RHSA-2021:3364"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0543"]}, {"type": "rocky", "idList": ["RLSA-2021:3027"]}, {"type": "slackware", "idList": ["SSA-2020-163-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0791-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2020:0818-1", "OPENSUSE-SU-2020:0965-1", "OPENSUSE-SU-2020:0985-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "thn", "idList": ["THN:8841D27BD6D8D04E9583E7E0F20898D5"]}, {"type": "threatpost", "idList": ["THREATPOST:EF0075FFF210E542FF3ECB996DDA02A3"]}, {"type": "ubuntu", "idList": ["LSN-0068-1", "USN-4385-1", "USN-4385-2", "USN-4387-1", "USN-4388-1", "USN-4389-1", "USN-4390-1", "USN-4391-1", "USN-4392-1", "USN-4393-1", "USN-5617-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-0543"]}, {"type": "veracode", "idList": ["VERACODE:25645"]}, {"type": "virtuozzo", "idList": ["VZA-2020-044", "VZA-2020-045"]}, {"type": "xen", "idList": ["XSA-320"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:3027"]}, {"type": "amazon", "idList": ["ALAS-2020-1396", "ALAS-2020-1401", "ALAS2-2020-1444"]}, {"type": "archlinux", "idList": ["ASA-202006-10"]}, {"type": "attackerkb", "idList": ["AKB:555EF2E1-269F-4133-8D13-B67EA80F8CC3"]}, {"type": "centos", "idList": ["CESA-2020:2430", "CESA-2020:2432", "CESA-2020:2433", "CESA-2021:3028"]}, {"type": "citrix", "idList": ["CTX275165"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0835B914E665F771DA10821B3BDE2D9F", "CFOUNDRY:A5CCCF4486FE273FEA953C57B224799B"]}, {"type": "cve", "idList": ["CVE-2020-0543"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2242-1:573AF", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4701-1:BB3B8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-0543"]}, {"type": "f5", "idList": ["F5:K25920352"]}, {"type": "fedora", "idList": ["FEDORA:055473124314", "FEDORA:1E93431CA0AD", "FEDORA:29E8B30D1A9E", "FEDORA:2AE7F3118C24", "FEDORA:3A4183118C44", "FEDORA:3C5D13124326", "FEDORA:AEC7F30A071F"]}, {"type": "freebsd", "idList": ["FBCBA194-AC7D-11EA-8B5E-B42E99A1B9C3"]}, {"type": "hp", "idList": ["HP:C06655648"]}, {"type": "ibm", "idList": ["570AF6CDC4F7E864E6852EBD03923041C13A884B424AC254820AD0EEB73694DF"]}, {"type": "ics", "idList": ["ICSA-20-252-07"]}, {"type": "lenovo", "idList": ["LENOVO:PS500327-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-3027.NASL", "CENTOS_RHSA-2021-3028.NASL", "FEDORA_2020-1AFBE7BA2D.NASL", "FREEBSD_PKG_FBCBA194AC7D11EA8B5EB42E99A1B9C3.NASL", "ORACLELINUX_ELSA-2020-5714.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2021-3027.NASL", "ORACLELINUX_ELSA-2021-3028.NASL", "REDHAT-RHSA-2020-2431.NASL", "REDHAT-RHSA-2020-2433.NASL", "REDHAT-RHSA-2020-2679.NASL", "REDHAT-RHSA-2020-2707.NASL", "REDHAT-RHSA-2021-3027.NASL", "REDHAT-RHSA-2021-3028.NASL", "REDHAT-RHSA-2021-3255.NASL", "SL_20210809_MICROCODE_CTL_ON_SL7_X.NASL", "UBUNTU_USN-4385-1.NASL", "UBUNTU_USN-4387-1.NASL", "UBUNTU_USN-4388-1.NASL", "UBUNTU_USN-4389-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108766", "OPENVAS:1361412562310704701", "OPENVAS:1361412562310892248"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-2427", "ELSA-2020-2430", "ELSA-2020-2431", "ELSA-2020-2933", "ELSA-2020-5714", "ELSA-2020-5715", "ELSA-2020-5722", "ELSA-2021-3027", "ELSA-2021-3028"]}, {"type": "photon", "idList": ["PHSA-2020-0108", "PHSA-2020-0256"]}, {"type": "redhat", "idList": ["RHSA-2020:2427", "RHSA-2020:2428", "RHSA-2020:2429", "RHSA-2020:2430", "RHSA-2020:2433"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0543"]}, {"type": "slackware", "idList": ["SSA-2020-163-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0791-1", "OPENSUSE-SU-2020:0818-1", "OPENSUSE-SU-2020:0985-1"]}, {"type": "thn", "idList": ["THN:8841D27BD6D8D04E9583E7E0F20898D5"]}, {"type": "threatpost", "idList": ["THREATPOST:EF0075FFF210E542FF3ECB996DDA02A3"]}, {"type": "ubuntu", "idList": ["LSN-0068-1", "USN-4385-1", "USN-4385-2", "USN-4387-1", "USN-4389-1", "USN-4392-1", "USN-4393-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-0543"]}, {"type": "virtuozzo", "idList": ["VZA-2020-044", "VZA-2020-045"]}, {"type": "xen", "idList": ["XSA-320"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-0543", "epss": 0.0005, "percentile": 0.16922, "modified": "2023-05-07"}], "vulnersScore": -0.3}, "_state": {"dependencies": 1689865393, "score": 1689866915, "epss": 0}, "_internal": {"score_hash": "5271abf58bb050e3179b81984dcfcb72"}, "pluginID": "138266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1633-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138266);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/14\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:1633-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nFixed an issue with efi boot when nvidia optimus or newer graphic\ncards are used (bsc#1168178).d\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201633-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59b59be3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1633=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1633=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.3_02-3.14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.3_02-3.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domu", "p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo", "cpe:/o:novell:suse_linux:12"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1633=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1633=1", "nessusSeverity": "Low", "cvssScoreSource": "", "vendor_cvss2": {"score": 2.1, "vector": "CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "vendor_cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "Medium", "score": "5.1"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-06-17T00:00:00", "vulnerabilityPublicationDate": "2020-06-15T00:00:00", "exploitableWith": []}

{"f5": [{"lastseen": "2023-02-21T20:04:44", "description": "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. ([CVE-2020-0543](<https://vulners.com/cve/CVE-2020-0543>)) \n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-30T21:26:00", "type": "f5", "title": "Intel CPU SRBDS side-channel vulnerability CVE-2020-0543", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543"], "modified": "2021-01-12T01:47:00", "id": "F5:K25920352", "href": "https://support.f5.com/csp/article/K25920352", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:30", "description": "[4.1.12-124.39.5.1] \n- x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352782] {CVE-2020-0543}\n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352782] {CVE-2020-054\n3}\n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352782] {CVE-\n2020-0543}\n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352782] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} \n- x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31352782] {CVE-2020-0543}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543"], "modified": "2020-06-10T00:00:00", "id": "ELSA-2020-5722", "href": "http://linux.oracle.com/errata/ELSA-2020-5722.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:24:28", "description": "[4.14.35-1902.303.5.3] \n- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]\n- Revert rds: Do not cancel RDMAs that have been posted to the HCA (Gerd Rausch) [Orabug: 31475329]\n- Revert rds: Introduce rds_conn_to_path helper (Gerd Rausch) [Orabug: 31475329]\n- Revert rds: Three cancel fixes (Gerd Rausch) [Orabug: 31475318]\n[4.14.35-1902.303.5.2] \n- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]\n[4.14.35-1902.303.5.1] \n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} \n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} \n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n[4.14.35-1902.303.5] \n- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543"], "modified": "2020-06-18T00:00:00", "id": "ELSA-2020-5732", "href": "http://linux.oracle.com/errata/ELSA-2020-5732.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:25:06", "description": "[2.6.32-754.31.1.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-754.31.1]\n- [x86] x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) [1827185] {CVE-2020-0543}\n- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543}\n- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543}\n- [netdrv] bonding/802.3ad: fix link_failure_count tracking (Patrick Talbert) [1841819]\n- [mm] mm: migration: add migrate_entry_wait_huge() (Waiman Long) [1839653]\n- [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/fsl: Update Spectre v2 reporting (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Gustavo Duarte) [1796810]\n- [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: Patch barrier_nospec in modules (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1796810]\n- [powerpc] powerpc/64s: Add barrier_nospec (Gustavo Duarte) [1796810]\n- [powerpc] powerpc: Add helper to check if offset is within relative branch range (Gustavo Duarte) [1796810]\n- [powerpc] powerpc: Have patch_instruction detect faults (Gustavo Duarte) [1796810]\n- [powerpc] powerpc: Introduce asm-prototypes.h (Gustavo Duarte) [1796810]\n- [powerpc] powerpc: Move local setup.h declarations to arch includes (Gustavo Duarte) [1796810]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-17T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18660", "CVE-2020-0543"], "modified": "2020-07-17T00:00:00", "id": "ELSA-2020-2933", "href": "http://linux.oracle.com/errata/ELSA-2020-2933.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-30T06:24:28", "description": "[3.10.0-1127.13.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n[3.10.0-1127.13.1]\n- [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n- [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827187 1827188] {CVE-2020-0543}\nheader (Waiman Long) [1827187 1827188] {CVE-2020-0543}\n[3.10.0-1127.12.1]\n- [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1841121 1836322]\n- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837297 1820632] {CVE-2020-12888}\n- [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837297 1820632] {CVE-2020-12888}\n- [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837297 1820632] {CVE-2020-12888}\n- [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837297 1820632] {CVE-2020-12888}\n- [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837297 1820632] {CVE-2020-12888}\n- [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837297 1820632] {CVE-2020-12888}\n[3.10.0-1127.11.1]\n- [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1839757 1829662]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-23T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-12888"], "modified": "2020-06-23T00:00:00", "id": "ELSA-2020-2664", "href": "http://linux.oracle.com/errata/ELSA-2020-2664.html", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:54", "description": "[3:1.17-33.26.0.1]\n- update 06-2d-07 to 0x71a\n- update 06-55-04 to 0x2006906\n- update 06-55-07 to 0x5002f01\n- merge Oracle changes for early load via dracut\n- enable late load on install for UEK4 kernels marked safe (except BDW-79)\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737]\n[2:1.17-33.26]\n- Update Intel CPU microcode to microcode-20200602 release, addresses\n CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795353, #1795357, #1827186):\n - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;\n - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e\n up to 0x2f;\n - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25\n up to 0x26;\n - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;\n - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21\n up to 0x22;\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6\n up to 0xdc;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151\n up to 0x1000157;\n - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode\n (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065\n up to 0x2006906;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c\n up to 0x4002f01;\n - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c\n up to 0x5002f01;\n - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6\n up to 0xdc;\n - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode\n from revision 0xca up to 0xd6;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision\n 0xca up to 0xd6;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;\n - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.\n[2:1.17-33.25]\n- Update Intel CPU microcode to microcode-20200520 release (#1839193):\n - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f\n up to 0x621;\n - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718\n up to 0x71a;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46\n up to 0x78.\n[2:1.17-33.24]\n- Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment\n models (#1835555).\n[2:1.17-33.23]\n- Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064\n by default (#1774635).\n[2:1.17-33.22]\n- Update Intel CPU microcode to microcode-20191115 release:\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6;\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4\n up to 0xd6;\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca;\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca;\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca;\n - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision\n 0xc6 up to 0xca;\n - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6\n up to 0xca;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca;\n - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca;\n - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca;\n - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca;\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca.\n[2:1.17-33.21]\n- Update Intel CPU microcode to microcode-20191113 release:\n - Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6.\n- Drop 0001-releasenote-changes-summary-fixes.patch.\n[2:1.17-33.20]\n- Package the publicy available microcode-20191112 release (#1755021):\n - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d;\n - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c;\n - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16;\n - Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150\n up to 0x1000151;\n - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision\n 0x2000064 up to 0x2000065;\n - Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b\n up to 0x500002c;\n - Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32;\n- Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release.\n- Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch).\n- Update README.caveats with the link to the new Knowledge Base article.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "id": "ELSA-2020-2433", "href": "http://linux.oracle.com/errata/ELSA-2020-2433.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:24:48", "description": "[4:20191115-4.20200602.2]\n- Avoid temporary file creation, used for here-documents in check_caveats.\n[4:20191115-4.20200602.1]\n- Update Intel CPU microcode to microcode-20200602 release, addresses\n CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827183):\n - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f\n up to 0x621;\n - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718\n up to 0x71a;\n - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;\n - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e\n up to 0x2f;\n - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25\n up to 0x26;\n - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;\n - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21\n up to 0x22;\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6\n up to 0xdc;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151\n up to 0x1000157;\n - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode\n (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065\n up to 0x2006906;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c\n up to 0x4002f01;\n - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c\n up to 0x5002f01;\n - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6\n up to 0xdc;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46\n up to 0x78;\n - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode\n from revision 0xca up to 0xd6;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision\n 0xca up to 0xd6;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;\n - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.\n- Change the URL to point to the GitHub repository since the microcode download\n section at Intel Download Center does not exist anymore.\n[4:20191115-4.20191115.6]\n- Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment\n models.\n[4:20191115-4.20191115.5]\n- Re-generate initramfs not only for the currently running kernel,\n but for several recently installed kernels as well.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-10T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-10T00:00:00", "id": "ELSA-2020-2431", "href": "http://linux.oracle.com/errata/ELSA-2020-2431.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:24:33", "description": "[2:2.1-61.6.0.1]\n- update 06-2d-07 to 0x71a\n- update 06-55-04 to 0x2006906\n- update 06-55-07 to 0x5002f01\n- for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727]\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736]\n- do not late load prior to 3.10.0\n- ensure late loading fixes are present on 4.1.12-* and 4.14.35-*\n- enable early and late load for 5.4.17-*\n- enable early loading for 06-4f-01\n[2:2.1-61.6]\n- Avoid temporary file creation, used for here-documents in check_caveats.\n[2:2.1-61.5]\n- Update Intel CPU microcode to microcode-20200602 release, addresses\n CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827189):\n - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f\n up to 0x621;\n - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718\n up to 0x71a;\n - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;\n - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e\n up to 0x2f;\n - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25\n up to 0x26;\n - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;\n - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21\n up to 0x22;\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6\n up to 0xdc;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151\n up to 0x1000157;\n - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode\n (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065\n up to 0x2006906;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c\n up to 0x4002f01;\n - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c\n up to 0x5002f01;\n - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6\n up to 0xdc;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46\n up to 0x78;\n - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode\n from revision 0xca up to 0xd6;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision\n 0xca up to 0xd6;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;\n - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca\n up to 0xd6;\n - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.\n- Change the URL in the intel-microcode2ucode.8 to point to the GitHub\n repository since the microcode download section at Intel Download Center\n does not exist anymore.\n[2:2.1-61.4]\n- Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment\n models.\n[2:2.1-61.3]\n- Re-generate initramfs not only for the currently running kernel,\n but for several recently installed kernels as well.\n[2:2.1-61.2]\n- Avoid find being SIGPIPE'd on early 'grep -q' exit in the dracut script.\n[2:2.1-61.1]\n- Update stale posttrans dependency, add triggers for proper handling\n of the debug kernel flavour along with kernel-rt.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "id": "ELSA-2020-2432", "href": "http://linux.oracle.com/errata/ELSA-2020-2432.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-30T06:24:40", "description": "[2.6.32-754.30.2.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-754.30.2]\n- x86/speculation: Provide SRBDS late microcode loading support (Waiman Long)\n- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543}\n- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543}\n- [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543}\n[2.6.32-754.30.1]\n- [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711}\n- [netdrv] bonding: don't set slave->link in bond_update_speed_duplex() (Patrick Talbert) [1828604]\n- [security] KEYS: prevent KEYCTL_READ on negative key (Patrick Talbert) [1498368] {CVE-2017-12192}", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-10T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12192", "CVE-2020-0543", "CVE-2020-10711"], "modified": "2020-06-10T00:00:00", "id": "ELSA-2020-2430", "href": "http://linux.oracle.com/errata/ELSA-2020-2430.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:59", "description": "[4.18.0-193.6.3_2.OL8]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n[4.18.0-193.6.3_2]\n- rebuild to enable xt_u32 module (Jiri Benc) [1840800 1840799 1834769 1838190]\n[4.18.0-193.6.2_2]\n- [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}\n- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}\n- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}\n- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}\n- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}\n[4.18.0-193.6.1_2]\n- [char] tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (Steve Best) [1827632 1808048]\n- [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1838477 1819408]\n- [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1838477 1819408]\n- [kernel] sched/fair: Allow a per-CPU kthread waking a task to stack on the same CPU, to fix XFS performance regression (Phil Auld) [1834517 1745111]\n- [block] block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Ming Lei) [1835531 1835532] {CVE-2020-12657}\n- [kvm] KVM: x86: use raw clock values consistently (Marcelo Tosatti) [1822498 1768622]\n- [kvm] KVM: x86: reorganize pvclock_gtod_data members (Marcelo Tosatti) [1822498 1768622]\n- [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1822498 1768622]\n[4.18.0-193.5.1_2]\n- [fs] nfs: fix NULL deference in nfs4_get_valid_delegation ('J. Bruce Fields') [1837969 1831553]\n[4.18.0-193.4.1_2]\n- [bluetooth] Revert 'Bluetooth: btusb: driver to enable the usb-wakeup feature' (Gopal Tiwari) [1827620 1811534]\n- [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827249 1827251] {CVE-2020-10711}\n- [mm] s390/mm: fix page table upgrade vs 2ndary address mode accesses (Vladis Dronov) [1828153 1828154] {CVE-2020-11884}\n[4.18.0-193.3.1_2]\n- [kernel] sched/isolation: Allow 'isolcpus=' to skip unknown sub-parameters (Peter Xu) [1832367 1799014]\n- [firmware] efi: fix a mistype in comments mentioning efivar_entry_iter_begin() (Vladis Dronov) [1829527 1804417]\n- [firmware] efi: add a sanity check to efivar_store_raw() (Vladis Dronov) [1829527 1804417]\n- [firmware] efi: fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [1829527 1804417]\n- [net] net/smc: keep vlan_id for SMC-R in smc_listen_work() (Philipp Rudo) [1827631 1796890]\n[4.18.0-193.2.1_2]\n- [net] vti[6]: fix packet tx through bpf_redirect() in XinY cases (Sabrina Dubroca) [1821375 1795145]\n- [net] xfrm interface: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145]\n- [net] vti[6]: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145]\n- [scripts] redhat: fix modpost.c prerequisites (Frantisek Hrbata) [1828229 1818499]\n- [infiniband] IB/core: Avoid deadlock during netlink message handling (Kamal Heib) [1821381 1818986]\n- [infiniband] RDMA/core: Support netlink commands in non init_net net namespaces (Kamal Heib) [1821381 1818986]\n- [misc] mei: me: add comet point (lake) H device ids (Ken Cox) [1825262 1815355]\n- [misc] mei: me: add comet point (lake) LP device ids (Ken Cox) [1825262 1815355]\n- [misc] mei: define dma ring buffer sizes for PCH12 HW and newer (Ken Cox) [1825262 1815355]\n- [misc] mei: hbm: define dma ring setup protocol (Ken Cox) [1825262 1815355]\n- [net] SUNRPC: fix krb5p mount to provide large enough buffer in rq_rcvsize (Steve Dickson) [1826219 1825388]\n- [mm] mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (Rafael Aquini) [1827619 1763878]\n- [mm] mm: thp: fix flags for pmd migration when split (Rafael Aquini) [1827619 1763878]\n- [mm] mm: thp: relocate flush_cache_range() in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878]\n- [mm] mm: thp: fix mmu_notifier in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878]\n- [mm] mm: thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition (Rafael Aquini) [1827619 1763878]\n- [md] Revert 'dm: always call blk_queue_split() in dm_process_bio()' (Mike Snitzer) [1821382 1820705]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-10T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-10711", "CVE-2020-11884", "CVE-2020-12657"], "modified": "2020-06-10T00:00:00", "id": "ELSA-2020-2427", "href": "http://linux.oracle.com/errata/ELSA-2020-2427.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:30", "description": "[4.1.12-124.40.6]\n- ipv4: ipv4_default_advmss() should use route mtu (Eric Dumazet) [Orabug: 31563095] \n- net: ipv4: Refine the ipv4_default_advmss (Gao Feng) [Orabug: 31563095]\n[4.1.12-124.40.5]\n- Revert 'bnxt_en: Remove busy poll logic in the driver.' (Brian Maly) [Orabug: 28151475] \n- md: batch flush requests. (NeilBrown) [Orabug: 31332821] \n- ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351891] {CVE-2019-15214}\n- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538}\n- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538}\n- atomic_open(): fix the handling of create_error (Al Viro) [Orabug: 31493395]\n[4.1.12-124.40.4]\n- media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351119] {CVE-2019-19533}\n- NFS: Fix a performance regression in readdir (Trond Myklebust) [Orabug: 31409061]\n[4.1.12-124.40.3]\n- x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31475612] {CVE-2020-0543}\n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543}\n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543}\n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31475612] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31475612] {CVE-2020-0543}\n- x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31475612] {CVE-2020-0543}\n[4.1.12-124.40.2]\n- MCE: Restrict MCE banks to 6 on AMD platform (Zhenzhong Duan) [Orabug: 30000521] \n- can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351141] {CVE-2019-19534}\n- can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351250] {CVE-2019-19536}\n- xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430876]\n[4.1.12-124.40.1]\n- iscsi_target: fix mismatch spinlock unlock (Junxiao Bi) [Orabug: 31202372]", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16538", "CVE-2019-15214", "CVE-2019-19533", "CVE-2019-19534", "CVE-2019-19536", "CVE-2020-0543"], "modified": "2020-07-08T00:00:00", "id": "ELSA-2020-5750", "href": "http://linux.oracle.com/errata/ELSA-2020-5750.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:28", "description": "[5.4.17-2011.4.4uek]\n- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (Sean Christopherson) [Orabug: 31536904]\n[5.4.17-2011.4.3uek]\n- NFS: replace cross device check in copy_file_range (Olga Kornievskaia) [Orabug: 31507615] \n- rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504052] \n- perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Jean-Philippe Brucker) [Orabug: 31422283] \n- perf/smmuv3: use devm_platform_ioremap_resource() to simplify code (YueHaibing) [Orabug: 31422283] \n- ACPI/IORT: Fix PMCG node single ID mapping handling (Tuan Phan) [Orabug: 31422283] \n- uek-rpm: Increase CONFIG_NODES_SHIFT from 2 to 3 (Dave Kleikamp) [Orabug: 31422283] \n- perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 31422283] \n- uek-rpm: update aarch64 configs for Ampere eMAG2 (Dave Kleikamp) [Orabug: 31422283] \n- perf: arm_dmc620: Update ACPI ID. (Tuan Phan) [Orabug: 31422283] \n- perf: arm_dsu: Support ACPI mode. (Tuan Phan) [Orabug: 31422283] \n- perf: arm_dsu: Allow IRQ to be shared among devices. (Tuan Phan) [Orabug: 31422283] \n- perf: arm_cmn: improve and make it work on 2P. (Tuan Phan) [Orabug: 31422283] \n- Perf: arm-cmn: Allow irq to be shared. (Tuan Phan) [Orabug: 31422283] \n- BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 31422283] \n- BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 31422283] \n- BACKPORT: mm/memory-failure: Add memory_failure_queue_kick() (James Morse) [Orabug: 31422283] \n- perf: Add ARM DMC-620 PMU driver. (Tuan Phan) [Orabug: 31422283] \n- BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Robin Murphy) [Orabug: 31422283] \n- BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 31422283] \n- BACKPORT: perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 31422283] \n- net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 30984983] \n- mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452396] {CVE-2020-10757} {CVE-2020-10757}\n[5.4.17-2011.4.2uek]\n- UEK6 compiler warning for /net/rds/ib.c (Sharath Srinivasan) [Orabug: 31489529] \n- UEK6 compiler warning for /net/rds/send.c (Sharath Srinivasan) [Orabug: 31489529] \n- Fix up two build warnings in the UEK6 GA tree (Jack Vogel) [Orabug: 31489333] \n- drivers/scsi/scsi_scan.c Fix the compiler warning. (Sudhakar Panneerselvam) [Orabug: 31489322] \n- x86/retpoline: Fix retpoline unwind (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- x86: Change {JMP,CALL}_NOSPEC argument (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- x86: Simplify retpoline declaration (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- x86/speculation: Change STUFF_RSB to work with objtool (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] \n- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- x86/unwind: Introduce UNWIND_HINT_EMPTY_ASM (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Add support for intra-function calls (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Remove INSN_STACK (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Make handle_insn_ops() unconditional (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Rework allocating stack_ops on decode (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: UNWIND_HINT_RET_OFFSET should not check registers (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: is_fentry_call() crashes if call has no destination (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Uniquely identify alternative instruction groups (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Remove check preventing branches within alternative (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Introduce HINT_RET_OFFSET (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] \n- objtool: Support multiple stack_op per instruction (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320]\n}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19769", "CVE-2020-0543", "CVE-2020-10711", "CVE-2020-10757", "CVE-2020-12655", "CVE-2020-12770"], "modified": "2020-07-14T00:00:00", "id": "ELSA-2020-5756", "href": "http://linux.oracle.com/errata/ELSA-2020-5756.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:38", "description": "kernel-uek-container\n[4.14.35-1902.303.5.3.el7]\n- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]\n- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]\n[4.14.35-1902.303.5.2.el7]\n- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]\n[4.14.35-1902.303.5.1.el7]\n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n[4.14.35-1902.303.5.el7]\n- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]\n[4.14.35-1902.303.4.el7]\n- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]\n- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]\n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]\n- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]\nkata-image\n[1.7.3-1.0.5.1]\n- Address Kata CVE 2023\nkata-runtime\n[1.7.3-1.0.5]\n- Address Kata CVE-2020-2023\n- Address Kata CVE-2020-2024\n- Address Kata CVE-2020-2025\n- Address Kata CVE-2020-2026\nkata\n[1.7.3-1.0.7]\n- Address CVE-2020-2023\n- Address CVE-2020-2024\n- Address CVE-2020-2025\n- Address CVE-2020-2026\nkubernetes\n[1.14.9-1.0.6]\n- CVE-2020-8559: Privilege escalation from compromised node to cluster\n- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts\n[1.14.9-1.0.5]\n- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026\nolcne\n[1.0.5-3]\n- update registry image mirroring script\n[1.0.5-2]\n- CVE-2020-8559: Privilege escalation from compromised node to cluster\n- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts\n- Update bootstrap scripts\n[1.0.5-1]\n- Update Kata Containers to address CVEs 2020-2023 thru 2020-2026", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-22T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-2023", "CVE-2020-2024", "CVE-2020-2025", "CVE-2020-2026", "CVE-2020-8557", "CVE-2020-8559"], "modified": "2020-07-22T00:00:00", "id": "ELSA-2020-5766", "href": "http://linux.oracle.com/errata/ELSA-2020-5766.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-09T20:27:22", "description": "[2:2.1-73.11.0.1]\n- for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727]\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736]\n- ensure late loading fixes are present on 4.1.12-* and 4.14.35-*\n- enable early and late load for 5.4.17-*\n- enable early loading for 06-4f-01 caveat\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04\n[2:2.1-73.11]\n- Update Intel CPU microcode to microcode-20210608 release:\n - Fixes in releasenote.md file.\n[2:2.1-73.10]\n- Make intel-06-2d-07, intel-06-4e-03, intel-06-4f-01, intel-06-55-04,\n intel-06-5e-03, intel-06-8c-01, intel-06-8e-9e-0x-0xca,\n and intel-06-8e-9e-0x-dell caveats dependent on intel caveat.\n- Enable 06-8c-01 microcode update by default.\n- Enable 06-5e-03 microcode update by default (#1897684).", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-08-09T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549", "CVE-2020-24489", "CVE-2020-24511", "CVE-2020-24512", "CVE-2020-8695", "CVE-2020-8696", "CVE-2020-8698"], "modified": "2021-08-09T00:00:00", "id": "ELSA-2021-3028", "href": "http://linux.oracle.com/errata/ELSA-2021-3028.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-09T20:27:05", "description": "[4:20210216-1.20210608.0.1]\n- add support for UEK6 kernels\n- enable early update for 06-4f-01\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04\n- enable early and late load on RHCK\n[4:20210216-1.20210608.1]\n- Update Intel CPU microcode to microcode-20210608 release:\n - Fixes in releasenote.md file.\n[4:20210216-1.20210525.2]\n- Make intel-06-2d-07, intel-06-4e-03, intel-06-4f-01, intel-06-55-04,\n intel-06-5e-03, intel-06-8c-01, intel-06-8e-9e-0x-0xca,\n and intel-06-8e-9e-0x-dell caveats dependent on intel caveat.\n- Enable 06-8c-01 microcode update by default (#1972328).\n- Enable 06-5e-03 microcode update by default (#1972325).", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-08-09T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549", "CVE-2020-24489", "CVE-2020-24511", "CVE-2020-24512", "CVE-2020-8695", "CVE-2020-8696", "CVE-2020-8698"], "modified": "2021-08-09T00:00:00", "id": "ELSA-2021-3027", "href": "http://linux.oracle.com/errata/ELSA-2021-3027.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-07-20T15:00:15", "description": "This update for xen to version 4.12.3 fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nAdded support for new 64bit libxl memory API (bsc#1167007 and bsc#1157490).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1609-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domu", "p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1609-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137620", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1609-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137620);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1609-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen to version 4.12.3 fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nAdded support for new 64bit libxl memory API (bsc#1167007 and\nbsc#1157490).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201609-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cbacc6e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-1609=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1609=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-devel-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.3_02-3.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.3_02-3.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T15:01:04", "description": "According to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :\n\n - hw: Special Register Buffer Data Sampling (SRBDS).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2020-045.NASL", "href": "https://www.tenable.com/plugins/nessus/137746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137746);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2020-0543\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-045)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerability :\n\n - hw: Special Register Buffer Data Sampling (SRBDS).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2020-045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/solutions/5142691\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3759\",\n \"vzkernel-2.6.32-042stab145.3\",\n \"vzkernel-devel-2.6.32-042stab145.3\",\n \"vzkernel-firmware-2.6.32-042stab145.3\",\n \"vzmodules-2.6.32-042stab145.3\",\n \"vzmodules-devel-2.6.32-042stab145.3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T15:01:04", "description": "The 5.6.18 stable kernel update contains a number of important fixes across the tree.\n\n----\n\nThe 5.6.17 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "Fedora 31 : kernel / kernel-headers (2020-3364913ace)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2020-06-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-3364913ACE.NASL", "href": "https://www.tenable.com/plugins/nessus/137574", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-3364913ace.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137574);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/26\");\n\n script_cve_id(\"CVE-2020-0543\");\n script_xref(name:\"FEDORA\", value:\"2020-3364913ace\");\n\n script_name(english:\"Fedora 31 : kernel / kernel-headers (2020-3364913ace)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The 5.6.18 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 5.6.17 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-3364913ace\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-0543\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2020-3364913ace\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"kernel-5.6.18-200.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"kernel-headers-5.6.18-200.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T15:02:04", "description": "This update for xen to version 4.11.4 fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:1632-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2020-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domu", "p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1632-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138265", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1632-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138265);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/14\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:1632-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen to version 4.11.4 fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201632-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df5f9cea\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1632=1\n\nSUSE Linux Enterprise Server 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1632=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-debugsource-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-doc-html-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.11.4_02-2.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.11.4_02-2.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T15:02:58", "description": "This update for xen to version 4.12.3 fixes the following issues :\n\n	 - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\n - Added support for new 64bit libxl memory API (bsc#1167007 and bsc#1157490).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-2020-818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-818.NASL", "href": "https://www.tenable.com/plugins/nessus/138687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-818.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138687);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2020-818)\");\n script_summary(english:\"Check for the openSUSE-2020-818 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen to version 4.12.3 fixes the following issues :\n\n	 - CVE-2020-0543: Fixed a side channel attack against special\nregisters which could have resulted in leaking of read values to cores\nother than the one which called it. This attack is known as Special\nRegister Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\n - Added support for new 64bit libxl memory API\n (bsc#1167007 and bsc#1157490).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-debugsource-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-devel-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-debuginfo-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-debuginfo-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.3_02-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.3_02-lp151.2.18.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T15:00:37", "description": "Description of changes:\n\n[4.14.35-1902.303.5.3.el7uek] - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]\n- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]\n\n[4.14.35-1902.303.5.2.el7uek] - rds: Three cancel fixes (H&aring kon Bugge) [Orabug: 31463014]\n\n[4.14.35-1902.303.5.1.el7uek] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n\n[4.14.35-1902.303.5.el7uek] - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]\n\nAs of 2020/06/22 this advisory has been retracted because it apparently does not fix any security problems relevant to already running systems.", "cvss3": {}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5732) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2020-06-23T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-5732.NASL", "href": "https://www.tenable.com/plugins/nessus/137697", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020/06/22. Deprecated because security advisory was retracted\n# as being non-security related.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137697);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/23\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5732) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Description of changes:\n\n[4.14.35-1902.303.5.3.el7uek] - rds: Deregister all FRWR mr with free_mr \n(Hans Westgaard Ry) [Orabug: 31476202]\n- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' \n(Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: \n31475329]\n- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]\n\n[4.14.35-1902.303.5.2.el7uek] - rds: Three cancel fixes (H&aring kon Bugge) \n[Orabug: 31463014]\n\n[4.14.35-1902.303.5.1.el7uek] - x86/speculation: Add SRBDS vulnerability \nand mitigation documentation (Mark Gross) [Orabug: 31446720] \n{CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data \nSampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] \n{CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark \nGross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) \n[Orabug: 31446720] {CVE-2020-0543}\n\n[4.14.35-1902.303.5.el7uek] - net/mlx5: Decrease default mr cache size \n(Artemy Kovalyov) [Orabug: 31446379]\n\nAs of 2020/06/22 this advisory has been retracted because it\napparently does not fix any security problems relevant to already\nrunning systems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010066.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"n/a\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"As of 2020/06/22 this advisory has been retracted because it apparently does not fix any security problems relevant to already running systems.\");\n\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.14.35-1902.303.5.3.el7uek\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.14.35-1902.303.5.3.el7uek\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.14.35-1902.303.5.3.el7uek\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.14.35-1902.303.5.3.el7uek\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.14.35-1902.303.5.3.el7uek\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-tools-4.14.35\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-tools-4.14.35-1902.303.5.3.el7uek\")) flag++;\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T15:14:28", "description": "Intel reports :\n\nIntel CPUs suffer Special Register Buffer Data Sampling vulnerability", "cvss3": {}, "published": "2020-12-29T00:00:00", "type": "nessus", "title": "FreeBSD : Intel CPU issues (fbcba194-ac7d-11ea-8b5e-b42e99a1b9c3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:devcpu-data", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FBCBA194AC7D11EA8B5EB42E99A1B9C3.NASL", "href": "https://www.tenable.com/plugins/nessus/144625", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144625);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"FreeBSD : Intel CPU issues (fbcba194-ac7d-11ea-8b5e-b42e99a1b9c3)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Intel reports :\n\nIntel CPUs suffer Special Register Buffer Data Sampling vulnerability\"\n );\n # https://software.intel.com/security-software-guidance/insights/processors-affected-special-register-buffer-data-sampling\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fcba6e7d\"\n );\n # https://vuxml.freebsd.org/freebsd/fbcba194-ac7d-11ea-8b5e-b42e99a1b9c3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19574d10\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:devcpu-data\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"devcpu-data<1.31\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-23T15:10:22", "description": "According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue.\nIncomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. An attacker, which could include a malicious untrusted user process on a trusted guest, or an untrusted guest, can sample the contents of certain off-core accesses by other cores in the system. Only x86 processors are vulnerable. ARM processors are not believed to be vulnerable.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-29T00:00:00", "type": "nessus", "title": "Xen Speculative Side Channel Information Disclosure (XSA-320)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2021-04-30T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-320.NASL", "href": "https://www.tenable.com/plugins/nessus/149085", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149085);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/30\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"Xen Speculative Side Channel Information Disclosure (XSA-320)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue.\nIncomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated\nuser to potentially enable information disclosure via local access. An attacker, which could include a malicious\nuntrusted user process on a trusted guest, or an untrusted guest, can sample the contents of certain off-core accesses\nby other cores in the system. Only x86 processors are vulnerable. ARM processors are not believed to be vulnerable.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/xsa/advisory-320.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/29\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app = 'Xen Hypervisor';\nvar app_info = vcf::xen_hypervisor::get_app_info(app:app);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar fixes;\n\nfixes['4.9']['fixed_ver'] = '4.9.4';\nfixes['4.9']['fixed_ver_display'] = '4.9.4 (changeset 80d78ac)';\nfixes['4.9']['affected_ver_regex'] = \"^4\\.9([^0-9]|$)\";\nfixes['4.9']['affected_changesets'] = make_list('ad0c1a0', '04af886',\n '93cc305', '45c9073', '773686b', '4e79375', '8d26adc', 'b3718b7',\n 'cf2e9cc', '43ab30b', '55bd90d', '173e805', '248f22e', 'ec229c2',\n 'e879bfe', 'ce126c9', '4b69427', '8d1ee9f', 'e60b3a9', '25f5530',\n '49db55f', 'fa34ed5', '704f7ec', 'a930a74', '8c52ee2', '2e15a19',\n '70639ac', 'c3b479d', 'e349eae', '632fb4e', '4608c6d', '7daacca',\n '859e48e', '5be2dd0', 'b0147bd', 'cadd66a', 'd3c4b60', 'd59f5c4',\n '44303c6', '79538ba', '80c3157', '73f1a55', 'bc20fb1', '754a531',\n '7b032c2', 'ff4fdf0', '8d2a688', 'b9013d7', 'bc8e5ec', '34907f5',\n 'e70bf7e', 'fa0b891', '3a8177c', '04ec835', '8d63ec4', '1ff6b4d',\n 'f092d86', 'e4b534f', '87c49fe', '19becb8', '43775c0', 'f6b0f33',\n 'a17e75c', '67530e7', 'f804549', '84f81a8', '56aa239', '105db42',\n 'd9da3ea', 'ac90240', '3db28b0', '9b6f1c0', '0c4bbad', '917d8d3',\n '3384ea4', '352421f', '04e9dcb', '1612f15', 'f952b1d', '63d9330',\n 'f72414a', 'ac3a5f8', '1ae6b8e', '1dd3dcc', '7390fa1', '7e78dc4',\n '8fdfb1e', '55d36e2', '045f37c', 'dd7e637', '7a40b5b', 'f5acf97');\n\nfixes['4.10']['fixed_ver'] = '4.10.4';\nfixes['4.10']['fixed_ver_display'] = '4.10.4 (changeset ce05683)';\nfixes['4.10']['affected_ver_regex'] = \"^4\\.10([^0-9]|$)\";\nfixes['4.10']['affected_changesets'] = make_list('934d6e1', '6e636f2',\n 'dfc0b23', '2f83654', 'bf467cc', '6df4d40', 'e20bb58', 'a1a9b05',\n 'afca67f', 'b922c44', 'b413732', '3d60903', 'b01c84e', '1e722e6',\n '59cf3a0', 'fabfce8', 'a4dd2fe', '6e63a6f', '24d62e1', 'cbedabf',\n '38e589d', 'a91b8fc', '3e0c316', '49a5d6e', '6cb1cb9', 'ba2776a',\n '9d143e8', 'fe8dab3', '07e546e', 'fefa5f9', 'c9f9ff7', '406d40d',\n 'e489955', '37139f1', 'fde09cb', '804ba02', 'e8c3971', 'a8c4293',\n 'aa40452', '1da3dab', 'e5632c4', '902e72d', '6a14610', 'ea815b2',\n '13ad331', '61b75d9', 'e70e7bf', 'e966e2e', 'dfa16a1', 'a71e199',\n 'c98be9e', 'a548e10', 'd3c0e84', '53b1572', '7203f9a', '6d1659d',\n 'a782173', '24e90db', '0824bc6', 'e6f3135', '3131bf9');\n\nfixes['4.11']['fixed_ver'] = '4.11.4';\nfixes['4.11']['fixed_ver_display'] = '4.11.4 (changeset 2b77729)';\nfixes['4.11']['affected_ver_regex'] = \"^4\\.11([^0-9]|$)\";\nfixes['4.11']['affected_changesets'] = make_list('9be7992', 'b8d476a',\n '1c751c4', '7dd2ac3', 'a58bba2', '7d8fa6a', '4777208', '48e8564',\n '2efca7e', 'afe82f5', 'e84b634', '96a8b5b');\n\nfixes['4.12']['fixed_ver'] = '4.12.3';\nfixes['4.12']['fixed_ver_display'] = '4.12.3 (changeset d58c48d)';\nfixes['4.12']['affected_ver_regex'] = \"^4\\.12([^0-9]|$)\";\nfixes['4.12']['affected_changesets'] = make_list('199ae1f', '9dc2842',\n '09b6112');\n\nfixes['4.13']['fixed_ver'] = '4.13.1';\nfixes['4.13']['fixed_ver_display'] = '4.13.1 (changeset d8e1053)';\nfixes['4.13']['affected_ver_regex'] = \"^4\\.13([^0-9]|$)\";\nfixes['4.13']['affected_changesets'] = make_list('67958a1', '9aefa01',\n '6278553');\n\nfixes['4.14']['fixed_ver'] = '4.14.0';\nfixes['4.14']['fixed_ver_display'] = '4.14.0-rc (changeset 7028534)';\nfixes['4.14']['affected_ver_regex'] = \"^4\\.14([^0-9]|$)\";\nfixes['4.14']['affected_changesets'] = make_list('ceaae74', '6a49b9a',\n 'caab85a', '058023b', '30a72f0', '1a58d8d', '31a714d', 'f7039ee',\n '1fe4066', '985ba41', '835d8d6', '63b4c9b', '16c36d2', '03dc5f0',\n '11ba5cd', '726c78d', '75131ad');\n\nvcf::xen_hypervisor::check_version_and_report(app_info:app_info, fixes:fixes, severity:SECURITY_NOTE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T15:00:11", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5722 advisory.\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5722.NASL", "href": "https://www.tenable.com/plugins/nessus/137388", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5722.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137388);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2020-0543\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5722)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5722 advisory.\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5722.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.39.5.1.el6uek', '4.1.12-124.39.5.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5722');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.39.5.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.39.5.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.39.5.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.39.5.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.39.5.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.39.5.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.39.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.39.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.39.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.39.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.39.5.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.39.5.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T15:58:55", "description": "The 5.6.18 stable kernel update contains a number of important fixes across the tree.\n\n----\n\nThe 5.6.17 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "Fedora 32 : kernel / kernel-headers (2020-e47d28bc2b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543"], "modified": "2020-06-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-E47D28BC2B.NASL", "href": "https://www.tenable.com/plugins/nessus/137432", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-e47d28bc2b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137432);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/26\");\n\n script_cve_id(\"CVE-2020-0543\");\n script_xref(name:\"FEDORA\", value:\"2020-e47d28bc2b\");\n\n script_name(english:\"Fedora 32 : kernel / kernel-headers (2020-e47d28bc2b)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The 5.6.18 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 5.6.17 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-e47d28bc2b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-0543\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2020-e47d28bc2b\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"kernel-5.6.18-300.fc32\")) flag++;\nif (rpm_check(release:\"FC32\", reference:\"kernel-headers-5.6.18-300.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:54", "description": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. (CVE-2020-0543)\n\nIncomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.\n(CVE-2020-0548)\n\nCleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)", "cvss3": {}, "published": "2020-07-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : microcode_ctl (ALAS-2020-1444)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-07-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:microcode_ctl", "p-cpe:/a:amazon:linux:microcode_ctl-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1444.NASL", "href": "https://www.tenable.com/plugins/nessus/138046", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1444.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138046);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/06\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"ALAS\", value:\"2020-1444\");\n\n script_name(english:\"Amazon Linux 2 : microcode_ctl (ALAS-2020-1444)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A new domain bypass transient execution attack known as Special\nRegister Buffer Data Sampling (SRBDS) has been found. This flaw allows\ndata values from special internal registers to be leaked by an\nattacker able to execute code on any core of the CPU. An unprivileged,\nlocal attacker can use this flaw to infer values returned by affected\ninstructions known to be commonly used during cryptographic operations\nthat rely on uniqueness, secrecy, or both. (CVE-2020-0543)\n\nIncomplete cleanup from specific special register read operations in\nsome Intel(R) Processors may allow an authenticated user to\npotentially enable information disclosure via local access.\n(CVE-2020-0548)\n\nCleanup errors in some data cache evictions for some Intel(R)\nProcessors may allow an authenticated user to potentially enable\ninformation disclosure via local access. (CVE-2020-0549)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1444.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update microcode_ctl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"microcode_ctl-2.1-47.amzn2.0.7\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"microcode_ctl-debuginfo-2.1-47.amzn2.0.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl / microcode_ctl-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:47", "description": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\nCleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.\n(CVE-2020-0548)\n\nCleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : microcode_ctl (ALAS-2020-1396)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:microcode_ctl", "p-cpe:/a:amazon:linux:microcode_ctl-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1396.NASL", "href": "https://www.tenable.com/plugins/nessus/138638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1396.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138638);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"ALAS\", value:\"2020-1396\");\n\n script_name(english:\"Amazon Linux AMI : microcode_ctl (ALAS-2020-1396)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A new domain bypass transient execution attack known as Special\nRegister Buffer Data Sampling (SRBDS) has been found. This flaw allows\ndata values from special internal registers to be leaked by an\nattacker able to execute code on any core of the CPU. An unprivileged,\nlocal attacker can use this flaw to infer values returned by affected\ninstructions known to be commonly used during cryptographic operations\nthat rely on uniqueness, secrecy, or both. Incomplete cleanup from\nspecific special register read operations in some Intel(R) Processors\nmay allow an authenticated user to potentially enable information\ndisclosure via local access. (CVE-2020-0543)\n\nCleanup errors in some Intel(R) Processors may allow an authenticated\nuser to potentially enable information disclosure via local access.\n(CVE-2020-0548)\n\nCleanup errors in some data cache evictions for some Intel(R)\nProcessors may allow an authenticated user to potentially enable\ninformation disclosure via local access. (CVE-2020-0549)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1396.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update microcode_ctl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:microcode_ctl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"microcode_ctl-2.1-47.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"microcode_ctl-debuginfo-2.1-47.39.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl / microcode_ctl-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:20", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)\n\nThis update contains security mitigations for :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:1595-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo", "p-cpe:/a:novell:suse_linux:ucode-intel-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1595-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137610", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1595-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137610);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:1595-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)\n\nThis update contains security mitigations for :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to\nmitigate the Vector Register and L1D Eviction Sampling aka\n'CacheOutAttack' attacks. (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nHSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0\n6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72\n00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32\n0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22\n00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97\n01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7\n02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7\n02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf\n0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf\n0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0\n6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22\nH0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0\n6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0\n6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0\n6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0\n6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3\nB0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6\nCFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8\nDesktop, Mobile, Xeon E CFL-S B0 6-9e-b/02\n000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22\n000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22\n000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nSNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5,\nCore X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon\nE3/E5, Core X\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0549/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201595-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d5fc179\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1595=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1595=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-1595=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1595=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1595=1\n\nSUSE Linux Enterprise Server 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1595=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1595=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1595=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1595=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1595=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1595=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-1595=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20200602-13.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20200602-13.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:57", "description": "Security Fix(es) :\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)", "cvss3": {}, "published": "2020-06-11T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : microcode_ctl on SL6.x i386/x86_64 (20200610)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:microcode_ctl", "p-cpe:/a:fermilab:scientific_linux:microcode_ctl-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200610_MICROCODE_CTL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/137348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137348);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"Scientific Linux Security Update : microcode_ctl on SL6.x i386/x86_64 (20200610)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - hw: Special Register Buffer Data Sampling (SRBDS)\n (CVE-2020-0543)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2006&L=SCIENTIFIC-LINUX-ERRATA&P=4677\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?227b90e0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected microcode_ctl and / or microcode_ctl-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:microcode_ctl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"microcode_ctl-1.17-33.26.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"microcode_ctl-debuginfo-1.17-33.26.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl / microcode_ctl-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:43", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has microcode_ctl packages installed that are affected by multiple vulnerabilities:\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : microcode_ctl Multiple Vulnerabilities (NS-SA-2020-0071)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0071_MICROCODE_CTL.NASL", "href": "https://www.tenable.com/plugins/nessus/143983", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0071. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143983);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : microcode_ctl Multiple Vulnerabilities (NS-SA-2020-0071)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has microcode_ctl packages installed that are\naffected by multiple vulnerabilities:\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable\n information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user\n to potentially enable information disclosure via local access. (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0071\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL microcode_ctl packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'microcode_ctl-2.1-61.6.el7_8',\n 'microcode_ctl-debuginfo-2.1-61.6.el7_8'\n ],\n 'CGSL MAIN 5.04': [\n 'microcode_ctl-2.1-61.6.el7_8',\n 'microcode_ctl-debuginfo-2.1-61.6.el7_8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:58", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2758 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "nessus", "title": "RHEL 7 : microcode_ctl (RHSA-2020:2758)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2758.NASL", "href": "https://www.tenable.com/plugins/nessus/137883", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2758. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137883);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2758\");\n\n script_name(english:\"RHEL 7 : microcode_ctl (RHSA-2020:2758)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2758 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-2.1-53.9.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:06:50", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2680 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-30T00:00:00", "type": "nessus", "title": "RHEL 7 : microcode_ctl (RHSA-2020:2680)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.3", "cpe:/o:redhat:rhel_e4s:7.3", "cpe:/o:redhat:rhel_tus:7.3", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2680.NASL", "href": "https://www.tenable.com/plugins/nessus/137895", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2680. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137895);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2680\");\n\n script_name(english:\"RHEL 7 : microcode_ctl (RHSA-2020:2680)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2680 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/os',\n 'content/tus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-2.1-16.33.el7_3', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:59", "description": "From Red Hat Security Advisory 2020:2431 :\n\nThe remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2431 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : microcode_ctl (ELSA-2020-2431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:microcode_ctl", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2020-2431.NASL", "href": "https://www.tenable.com/plugins/nessus/137385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2431 and \n# Oracle Linux Security Advisory ELSA-2020-2431 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137385);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2431\");\n\n script_name(english:\"Oracle Linux 8 : microcode_ctl (ELSA-2020-2431)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2431 :\n\nThe remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2431 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS)\n (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010035.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"microcode_ctl-20191115-4.20200602.2.el8_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:43", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2757 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "nessus", "title": "RHEL 8 : microcode_ctl (RHSA-2020:2757)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2757.NASL", "href": "https://www.tenable.com/plugins/nessus/137882", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2757. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137882);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2757\");\n\n script_name(english:\"RHEL 8 : microcode_ctl (RHSA-2020:2757)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2757 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-20180807a-2.20200609.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:30", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "RHEL 7 : microcode_ctl (RHSA-2020:2432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2432.NASL", "href": "https://www.tenable.com/plugins/nessus/137313", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2432. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137313);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2432\");\n\n script_name(english:\"RHEL 7 : microcode_ctl (RHSA-2020:2432)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2432 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-2.1-61.6.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:43", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2707 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "RHEL 6 : microcode_ctl (RHSA-2020:2707)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:6.5", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2707.NASL", "href": "https://www.tenable.com/plugins/nessus/143027", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2707. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143027);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2707\");\n\n script_name(english:\"RHEL 6 : microcode_ctl (RHSA-2020:2707)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2707 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '6.5')) audit(AUDIT_OS_NOT, 'Red Hat 6.5', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/6/6.5/x86_64/debug',\n 'content/aus/rhel/server/6/6.5/x86_64/optional/debug',\n 'content/aus/rhel/server/6/6.5/x86_64/optional/os',\n 'content/aus/rhel/server/6/6.5/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/6/6.5/x86_64/os',\n 'content/aus/rhel/server/6/6.5/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-1.17-17.31.el6_5', 'sp':'5', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:38", "description": "From Red Hat Security Advisory 2020:2432 :\n\nThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : microcode_ctl (ELSA-2020-2432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:microcode_ctl", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-2432.NASL", "href": "https://www.tenable.com/plugins/nessus/137694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2432 and \n# Oracle Linux Security Advisory ELSA-2020-2432 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137694);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/24\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2432\");\n\n script_name(english:\"Oracle Linux 7 : microcode_ctl (ELSA-2020-2432)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2432 :\n\nThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2432 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS)\n (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010061.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"microcode_ctl-2.1-61.6.el7_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:54", "description": "It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nIt was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information.\n(CVE-2020-0548)\n\nIt was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : intel-microcode vulnerabilities (USN-4385-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:intel-microcode", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4385-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137295", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4385-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137295);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"USN\", value:\"4385-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : intel-microcode vulnerabilities (USN-4385-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX\nEGETKEY read operations on Intel client and Xeon E3 processors may be\nbriefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nIt was discovered that on some Intel processors, partial data values\npreviously read from a vector register on a physical core may be\npropagated into unused portions of the store buffer. A local attacker\ncould possible use this to expose sensitive information.\n(CVE-2020-0548)\n\nIt was discovered that on some Intel processors, data from the most\nrecently evicted modified L1 data cache (L1D) line may be propagated\ninto an unused (invalid) L1D fill buffer. A local attacker could\npossibly use this to expose sensitive information. (CVE-2020-0549).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4385-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|19\\.10|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 19.10 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.16.04.0\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.18.04.0\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.19.10.0\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.20.04.0\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"intel-microcode\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:57", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for :\n\n - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\n - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks.\n (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-06-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ucode-intel (openSUSE-2020-791)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ucode-intel", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-791.NASL", "href": "https://www.tenable.com/plugins/nessus/137351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-791.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137351);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"openSUSE Security Update : ucode-intel (openSUSE-2020-791)\");\n script_summary(english:\"Check for the openSUSE-2020-791 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)\nThis update contains security mitigations for :\n\n - CVE-2020-0543: Fixed a side channel attack against\n special registers which could have resulted in leaking\n of read values to cores other than the one which called\n it. This attack is known as Special Register Buffer Data\n Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\n - CVE-2020-0548,CVE-2020-0549: Additional ucode updates\n were supplied to mitigate the Vector Register and L1D\n Eviction Sampling aka 'CacheOutAttack' attacks.\n (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nHSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0\n6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72\n00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32\n0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22\n00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97\n01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7\n02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7\n02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf\n0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf\n0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0\n6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22\nH0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0\n6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0\n6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0\n6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0\n6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3\nB0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6\nCFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8\nDesktop, Mobile, Xeon E CFL-S B0 6-9e-b/02\n000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22\n000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22\n000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nSNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5,\nCore X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon\nE3/E5, Core X\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172466\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ucode-intel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ucode-intel-20200602-lp151.2.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:05", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)\n\nThis update contains security mitigations for :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:1589-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1589-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1589-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137609);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:1589-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)\n\nThis update contains security mitigations for :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to\nmitigate the Vector Register and L1D Eviction Sampling aka\n'CacheOutAttack' attacks. (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nHSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0\n6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72\n00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32\n0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22\n00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97\n01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7\n02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7\n02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf\n0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf\n0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0\n6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22\nH0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0\n6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0\n6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0\n6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0\n6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3\nB0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6\nCFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8\nDesktop, Mobile, Xeon E CFL-S B0 6-9e-b/02\n000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22\n000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22\n000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nSNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5,\nCore X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon\nE3/E5, Core X\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0549/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201589-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4083bf71\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1589=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20200602-3.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ucode-intel-20200602-3.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:48", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:2431 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : microcode_ctl (CESA-2020:2431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:microcode_ctl"], "id": "CENTOS8_RHSA-2020-2431.NASL", "href": "https://www.tenable.com/plugins/nessus/145997", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:2431. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145997);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2431\");\n\n script_name(english:\"CentOS 8 : microcode_ctl (CESA-2020:2431)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:2431 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2431\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:microcode_ctl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'microcode_ctl-20191115-4.20200602.2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:59", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2842 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-07T00:00:00", "type": "nessus", "title": "RHEL 7 : microcode_ctl (RHSA-2020:2842)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2842.NASL", "href": "https://www.tenable.com/plugins/nessus/138159", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2842. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138159);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2842\");\n\n script_name(english:\"RHEL 7 : microcode_ctl (RHSA-2020:2842)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2842 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-2.1-47.14.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:02", "description": "The following CVE(s) were reported against src:intel-microcode.\n\nCVE-2020-0543\n\nA new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.\n\nCVE-2020-0548\n\nA flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system.\nThis results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.\n\nCVE-2020-0549\n\nA microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the 'fill buffers' and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.20200609.2~deb8u1.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "Debian DLA-2248-1 : intel-microcode security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:intel-microcode", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2248.NASL", "href": "https://www.tenable.com/plugins/nessus/137418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2248-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137418);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"Debian DLA-2248-1 : intel-microcode security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following CVE(s) were reported against src:intel-microcode.\n\nCVE-2020-0543\n\nA new domain bypass transient execution attack known as Special\nRegister Buffer Data Sampling (SRBDS) has been found. This flaw allows\ndata values from special internal registers to be leaked by an\nattacker able to execute code on any core of the CPU. An unprivileged,\nlocal attacker can use this flaw to infer values returned by affected\ninstructions known to be commonly used during cryptographic operations\nthat rely on uniqueness, secrecy, or both.\n\nCVE-2020-0548\n\nA flaw was found in Intel processors where a local attacker is able to\ngain information about registers used for vector calculations by\nobserving register states from other processes running on the system.\nThis results in a race condition where store buffers, which were not\ncleared, could be read by another process or a CPU sibling. The\nhighest threat from this vulnerability is data confidentiality where\nan attacker could read arbitrary data as it passes through the\nprocessor.\n\nCVE-2020-0549\n\nA microarchitectural timing flaw was found on some Intel processors. A\ncorner case exists where data in-flight during the eviction process\ncan end up in the 'fill buffers' and not properly cleared\nby the MDS mitigations. The fill buffer contents (which were expected\nto be blank) can be inferred using MDS or TAA style attack methods to\nallow a local attacker to infer fill buffer values.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.20200609.2~deb8u1.\n\nWe recommend that you upgrade your intel-microcode packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/intel-microcode\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"intel-microcode\", reference:\"3.20200609.2~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:41", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2677 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "RHEL 8 : microcode_ctl (RHSA-2020:2677)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2677.NASL", "href": "https://www.tenable.com/plugins/nessus/137749", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2677. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137749);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2677\");\n\n script_name(english:\"RHEL 8 : microcode_ctl (RHSA-2020:2677)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2677 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-20190618-1.20200609.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:10:16", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14394-1 advisory.\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2020:14394-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:microcode_ctl", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14394-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150544", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14394-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150544);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14394-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2020:14394-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14394-1 advisory.\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable\n information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user\n to potentially enable information disclosure via local access. (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172466\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-June/006920.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5597bdaf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'microcode_ctl-1.17-102.83.53', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.53', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.53', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'microcode_ctl-1.17-102.83.53', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:13", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-11T00:00:00", "type": "nessus", "title": "CentOS 7 : microcode_ctl (CESA-2020:2432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:microcode_ctl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-2432.NASL", "href": "https://www.tenable.com/plugins/nessus/137337", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:2432 and \n# CentOS Errata and Security Advisory 2020:2432 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137337);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2432\");\n\n script_name(english:\"CentOS 7 : microcode_ctl (CESA-2020:2432)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2432 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS)\n (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-June/035754.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ccdb074\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0548\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"microcode_ctl-2.1-61.6.el7_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:57", "description": "This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for the Special Register Buffer Data Sampling (CVE-2020-0543 ), Vector Register Sampling (CVE-2020-0548 ) and L1D Eviction Sampling (CVE-2020-0549 ) hardware vulnerabilities.\n\nThe microcode update for HEDT and Xeon CPUs with signature 0x50654 which was reverted in DSA 4565-2 is now included again with a fixed release.\n\nThe upstream update for Skylake-U/Y (signature 0x406e3) had to be excluded from this update due to reported hangs on boot.\n\nFor details refer to https://www.intel.com/content/www/us/en/security-center/advisory/intel\n-sa-00320.html, https://www.intel.com/content/www/us/en/security-center/advisory/intel\n-sa-00329.html", "cvss3": {}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "Debian DSA-4701-1 : intel-microcode - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:intel-microcode", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4701.NASL", "href": "https://www.tenable.com/plugins/nessus/137374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4701. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137374);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"DSA\", value:\"4701\");\n\n script_name(english:\"Debian DSA-4701-1 : intel-microcode - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update ships updated CPU microcode for some types of Intel CPUs\nand provides mitigations for the Special Register Buffer Data Sampling\n(CVE-2020-0543 ), Vector Register Sampling (CVE-2020-0548 ) and L1D\nEviction Sampling (CVE-2020-0549 ) hardware vulnerabilities.\n\nThe microcode update for HEDT and Xeon CPUs with signature 0x50654\nwhich was reverted in DSA 4565-2 is now included again with a fixed\nrelease.\n\nThe upstream update for Skylake-U/Y (signature 0x406e3) had to be\nexcluded from this update due to reported hangs on boot.\n\nFor details refer to\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel\n-sa-00320.html,\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel\n-sa-00329.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-0543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-0548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-0549\"\n );\n # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c444b53b\"\n );\n # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a852169\"\n );\n # https://security-tracker.debian.org/tracker/source-package/intel-microcode\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?019586d4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/intel-microcode\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/intel-microcode\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4701\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the intel-microcode packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 3.20200609.2~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 3.20200609.2~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"intel-microcode\", reference:\"3.20200609.2~deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"intel-microcode\", reference:\"3.20200609.2~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:06", "description": "This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)\n\nThis update contains security mitigations for :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI Old->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:1601-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ucode-intel", "p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo", "p-cpe:/a:novell:suse_linux:ucode-intel-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1601-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1601-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137614);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:1601-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ucode-intel fixes the following issues :\n\nUpdated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466)\n\nThis update contains security mitigations for :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to\nmitigate the Vector Register and L1D Eviction Sampling aka\n'CacheOutAttack' attacks. (bsc#1156353)\n\nMicrocode Table :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nHSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0\n6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72\n00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32\n0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22\n00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0\n000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97\n01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7\n02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7\n02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf\n0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf\n0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0\n6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22\nH0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0\n6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0\n6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0\n6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0\n6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0\n6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3\nB0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6\nCFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8\nDesktop, Mobile, Xeon E CFL-S B0 6-9e-b/02\n000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22\n000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22\n000000ca->000000d6 Core Gen9 Mobile\n\nAlso contains the Intel CPU Microcode update to 20200520 :\n\nProcessor Identifier Version Products Model Stepping F-MO-S/PI\nOld->New\n\n---- new platforms ----------------------------------------\n\n---- updated platforms ------------------------------------\nSNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5,\nCore X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon\nE3/E5, Core X\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0549/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201601-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1dede33c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1601=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ucode-intel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-20200602-3.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-debuginfo-20200602-3.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"ucode-intel-debugsource-20200602-3.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ucode-intel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:09", "description": "From Red Hat Security Advisory 2020:2433 :\n\nThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : microcode_ctl (ELSA-2020-2433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:microcode_ctl", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2020-2433.NASL", "href": "https://www.tenable.com/plugins/nessus/137695", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2433 and \n# Oracle Linux Security Advisory ELSA-2020-2433 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137695);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/24\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2433\");\n\n script_name(english:\"Oracle Linux 6 : microcode_ctl (ELSA-2020-2433)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2433 :\n\nThe remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2433 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS)\n (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010064.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"microcode_ctl-1.17-33.26.0.1.el6_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:35", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2771 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-08T00:00:00", "type": "nessus", "title": "RHEL 7 : microcode_ctl (RHSA-2020:2771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/138217", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2771. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138217);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2771\");\n\n script_name(english:\"RHEL 7 : microcode_ctl (RHSA-2020:2771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2771 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-2.1-22.32.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:23", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2706 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "RHEL 6 : microcode_ctl (RHSA-2020:2706)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:6.6", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2706.NASL", "href": "https://www.tenable.com/plugins/nessus/137751", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2706. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137751);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2706\");\n\n script_name(english:\"RHEL 6 : microcode_ctl (RHSA-2020:2706)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2706 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '6.6')) audit(AUDIT_OS_NOT, 'Red Hat 6.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/6/6.6/x86_64/debug',\n 'content/aus/rhel/server/6/6.6/x86_64/optional/debug',\n 'content/aus/rhel/server/6/6.6/x86_64/optional/os',\n 'content/aus/rhel/server/6/6.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/6/6.6/x86_64/os',\n 'content/aus/rhel/server/6/6.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-1.17-19.29.el6_6', 'sp':'6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:12", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-09T00:00:00", "type": "nessus", "title": "RHEL 6 : microcode_ctl (RHSA-2020:2433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_els:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2433.NASL", "href": "https://www.tenable.com/plugins/nessus/137273", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2433. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137273);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2433\");\n\n script_name(english:\"RHEL 6 : microcode_ctl (RHSA-2020:2433)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2433 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/6/6Client/i386/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/os',\n 'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/os',\n 'content/dist/rhel/client/6/6Client/i386/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/os',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/os',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/os',\n 'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/os',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/optional/debug',\n 'content/dist/rhel/server/6/6Server/i386/optional/os',\n 'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/os',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/os',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/os',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/os',\n 'content/els/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/os',\n 'content/els/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/os',\n 'content/els/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/debug',\n 'content/fastrack/rhel/client/6/i386/optional/debug',\n 'content/fastrack/rhel/client/6/i386/optional/os',\n 'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/os',\n 'content/fastrack/rhel/client/6/i386/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/os',\n 'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/os',\n 'content/fastrack/rhel/client/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/os',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/os',\n 'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/os',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/optional/debug',\n 'content/fastrack/rhel/server/6/i386/optional/os',\n 'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/server/6/x86_64/hpn/os',\n 'content/fastrack/rhel/server/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/optional/debug',\n 'content/fastrack/rhel/server/6/x86_64/optional/os',\n 'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/os',\n 'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/os',\n 'content/fastrack/rhel/workstation/6/i386/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-1.17-33.26.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'microcode_ctl-1.17-33.26.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:55", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-11T00:00:00", "type": "nessus", "title": "CentOS 6 : microcode_ctl (CESA-2020:2433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:microcode_ctl", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2020-2433.NASL", "href": "https://www.tenable.com/plugins/nessus/137338", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:2433 and \n# CentOS Errata and Security Advisory 2020:2433 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137338);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2433\");\n\n script_name(english:\"CentOS 6 : microcode_ctl (CESA-2020:2433)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2433 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS)\n (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-June/035752.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a79fb212\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0548\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"microcode_ctl-1.17-33.26.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:30", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2431 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-09T00:00:00", "type": "nessus", "title": "RHEL 8 : microcode_ctl (RHSA-2020:2431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2431.NASL", "href": "https://www.tenable.com/plugins/nessus/137276", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2431. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137276);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2431\");\n\n script_name(english:\"RHEL 8 : microcode_ctl (RHSA-2020:2431)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2431 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-20191115-4.20200602.2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-20191115-4.20200602.2.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-20191115-4.20200602.2.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-20191115-4.20200602.2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:32", "description": "USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additonally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS.\n\nPlease note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery.\n\nWe apologize for the inconvenience.\n\nIt was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nIt was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information.\n(CVE-2020-0548)\n\nIt was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Intel Microcode regression (USN-4385-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:intel-microcode", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4385-2.NASL", "href": "https://www.tenable.com/plugins/nessus/137352", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4385-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137352);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"USN\", value:\"4385-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Intel Microcode regression (USN-4385-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4385-1 provided updated Intel Processor Microcode. Unfortunately,\nthat update prevented certain processors in the Intel Skylake family\n(06_4EH) from booting successfully. Additonally, on Ubuntu 20.04 LTS,\nlate loading of microcode was enabled, which could lead to system\ninstability. This update reverts the microcode update for the Skylake\nprocessor family and disables the late loading option on Ubuntu 20.04\nLTS.\n\nPlease note that the 'dis_ucode_ldr' kernel command line option can be\nadded in the boot menu to disable microcode loading for system\nrecovery.\n\nWe apologize for the inconvenience.\n\nIt was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX\nEGETKEY read operations on Intel client and Xeon E3 processors may be\nbriefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nIt was discovered that on some Intel processors, partial data values\npreviously read from a vector register on a physical core may be\npropagated into unused portions of the store buffer. A local attacker\ncould possible use this to expose sensitive information.\n(CVE-2020-0548)\n\nIt was discovered that on some Intel processors, data from the most\nrecently evicted modified L1 data cache (L1D) line may be propagated\ninto an unused (invalid) L1D fill buffer. A local attacker could\npossibly use this to expose sensitive information. (CVE-2020-0549).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4385-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected intel-microcode package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:intel-microcode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|19\\.10|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 19.10 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.19.10.2\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"intel-microcode\", pkgver:\"3.20200609.0ubuntu0.20.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"intel-microcode\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:01", "description": "Security fix for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543\n\n----\n\nSecurity fixes for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-26T00:00:00", "type": "nessus", "title": "Fedora 31 : 2:microcode_ctl (2020-11ddbfbdf0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:microcode_ctl", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-11DDBFBDF0.NASL", "href": "https://www.tenable.com/plugins/nessus/137842", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-11ddbfbdf0.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137842);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/01\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"FEDORA\", value:\"2020-11ddbfbdf0\");\n\n script_name(english:\"Fedora 31 : 2:microcode_ctl (2020-11ddbfbdf0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fix for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543\n\n----\n\nSecurity fixes for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-11ddbfbdf0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"microcode_ctl-2.1-39.fc31\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:42", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2679 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "RHEL 7 : microcode_ctl (RHSA-2020:2679)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.2", "p-cpe:/a:redhat:enterprise_linux:microcode_ctl"], "id": "REDHAT-RHSA-2020-2679.NASL", "href": "https://www.tenable.com/plugins/nessus/143005", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2679. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143005);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"RHSA\", value:\"2020:2679\");\n\n script_name(english:\"RHEL 7 : microcode_ctl (RHSA-2020:2679)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2679 advisory.\n\n - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n - hw: Vector Register Data Sampling (CVE-2020-0548)\n\n - hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected microcode_ctl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 203);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:microcode_ctl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.2')) audit(AUDIT_OS_NOT, 'Red Hat 7.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.2/x86_64/debug',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.2/x86_64/os',\n 'content/aus/rhel/server/7/7.2/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'microcode_ctl-2.1-12.30.el7_2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:22", "description": "Security fix for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543\n\n----\n\nUpdate to upstream 2.1-28. 20200609\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "Fedora 32 : 2:microcode_ctl (2020-e8835a5f8e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2020-06-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:microcode_ctl", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-E8835A5F8E.NASL", "href": "https://www.tenable.com/plugins/nessus/137688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-e8835a5f8e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137688);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/24\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n script_xref(name:\"FEDORA\", value:\"2020-e8835a5f8e\");\n\n script_name(english:\"Fedora 32 : 2:microcode_ctl (2020-e8835a5f8e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fix for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543\n\n----\n\nUpdate to upstream 2.1-28. 20200609\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-e8835a5f8e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"microcode_ctl-2.1-39.fc32\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:19:21", "description": "- Update to upstream 2.1-31. 20201118\n\n - Removal of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68[1];\n\n - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up to 0x34[2].\n\n[1] The microcode has been removed after reports of system hangs:\nhttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/is sues/44\n\n[2] Addresses CVE-2020-8695 for this platform.\n\n----\n\n - Update to upstream 2.1-30. 20201110\n\n - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n\n - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n\n - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n\n - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n\n - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n\n - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n\n - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0;\n\n - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44;\n\n - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode from revision 0xd6 up to 0xe2;\n\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159;\n\n - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode from revision 0x2006906 up to 0x2006a08;\n\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003;\n\n - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003;\n\n - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40;\n\n - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e;\n\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode from revision 0xd6 up to 0xe2;\n\n - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18;\n\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0;\n\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from revision 0xd6 up to 0xe0;\n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0.\n\n - Addresses CVE-2020-8695, CVE-2020-8696, CVE-2020-8698\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "Fedora 32 : 2:microcode_ctl (2020-1afbe7ba2d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-8695", "CVE-2020-8696", "CVE-2020-8698"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:microcode_ctl", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-1AFBE7BA2D.NASL", "href": "https://www.tenable.com/plugins/nessus/143330", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-1afbe7ba2d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143330);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/02\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-8695\", \"CVE-2020-8696\", \"CVE-2020-8698\");\n script_xref(name:\"FEDORA\", value:\"2020-1afbe7ba2d\");\n\n script_name(english:\"Fedora 32 : 2:microcode_ctl (2020-1afbe7ba2d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - Update to upstream 2.1-31. 20201118\n\n - Removal of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at\n revision 0x68[1];\n\n - Update of 06-7a-01/0x01 (GLK B0) microcode from revision\n 0x32 up to 0x34[2].\n\n[1] The microcode has been removed after reports of system hangs:\nhttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/is\nsues/44\n\n[2] Addresses CVE-2020-8695 for this platform.\n\n----\n\n - Update to upstream 2.1-30. 20201110\n\n - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at\n revision 0x700001e;\n\n - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at\n revision 0x28;\n\n - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at\n revision 0x68;\n\n - Addition of 06-a5-02/0x20 (CML-H R1) microcode at\n revision 0xe0;\n\n - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at\n revision 0xe0;\n\n - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at\n revision 0xe0;\n\n - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at\n revision 0xe0;\n\n - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2)\n microcode from revision 0x43 up to 0x44;\n\n - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode\n from revision 0xd6 up to 0xe2;\n\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from\n revision 0x1000157 up to 0x1000159;\n\n - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0)\n microcode from revision 0x2006906 up to 0x2006a08;\n\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from\n revision 0x4002f01 up to 0x4003003;\n\n - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode\n from revision 0x5002f01 up to 0x5003003;\n\n - Update of 06-5c-09/0x03 (APL D0) microcode from revision\n 0x38 up to 0x40;\n\n - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from\n revision 0x16 up to 0x1e;\n\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0)\n microcode from revision 0xd6 up to 0xe2;\n\n - Update of 06-7a-08/0x01 (GLK-R R0) microcode from\n revision 0x16 up to 0x18;\n\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from\n revision 0x78 up to 0xa0;\n\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from\n revision 0xd6 up to 0xde;\n\n - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode\n from revision 0xd6 up to 0xde;\n\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0)\n microcode from revision 0xd6 up to 0xe0;\n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from\n revision 0xd6 up to 0xde;\n\n - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0,\n WHL-U V0) microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0)\n microcode from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode\n from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from\n revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode\n from revision 0xd6 up to 0xde;\n\n - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode\n from revision 0xd6 up to 0xde;\n\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from\n revision 0xca up to 0xe0.\n\n - Addresses CVE-2020-8695, CVE-2020-8696, CVE-2020-8698\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-1afbe7ba2d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"microcode_ctl-2.1-39.3.fc32\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:06", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=077233184260bd831e7c4afdd4aebb0bced6ee32\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/vtd: Hide superpage support for SandyBridge IOMMUs (Andrew Cooper) [Orabug: 31366846] (CVE-2018-12207) (CVE-2018-12207)\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=4cfb88a0f248605ca655e0609f0650c4563be653\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden (Andrew Cooper) [Orabug: 31470704] (CVE-2020-0543) (CVE-2020-0543)\n\n - cirrus: handle negative pitch in cirrus_invalidate_region (Wolfgang Bumiller) [Orabug:\n 31476272] (CVE-2017-18030)\n\n - cirrus: fix oob access in mode4and5 write functions (Gerd Hoffmann) [Orabug: 31476272] (CVE-2017-15289)\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=3206f3109cfd432d6e5bbffbcc9839f5b8ed1e44\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel (Andrew Cooper) [Orabug: 31470704] (CVE-2020-0543) (CVE-2020-0543)\n\n - x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling (Andrew Cooper) [Orabug:\n 31470704] (CVE-2020-0543) (CVE-2020-0543)\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=0bef1944b340a7ec3e93a20b472effa654f5ee16\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/crash: force unlock console before printing on kexec crash (Igor Druzhinin) [Orabug: 31255931]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=69a58ac753bd61961615f9208f8e1ee5ce946538\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - redtape: x86/tsx: TAA regressions (Patrick Colp) [Orabug: 31240359]\n\nThis security advisory was retracted by OracleVM on 2020/07/16.", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : xen (OVMSA-2020-0027) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15289", "CVE-2017-18030", "CVE-2018-12207", "CVE-2020-0543"], "modified": "2020-07-17T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0027.NASL", "href": "https://www.tenable.com/plugins/nessus/138415", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0027.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020/07/16. Security advisory retracted by vendor.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138415);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/17\");\n\n script_cve_id(\"CVE-2017-15289\", \"CVE-2017-18030\", \"CVE-2018-12207\", \"CVE-2020-0543\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2020-0027) (deprecated)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=077233184260bd831e7c4afdd4aebb0bced6ee32\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/vtd: Hide superpage support for SandyBridge IOMMUs\n (Andrew Cooper) [Orabug: 31366846] (CVE-2018-12207)\n (CVE-2018-12207)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=4cfb88a0f248605ca655e0609f0650c4563be653\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec-ctrl: Allow the RDRAND/RDSEED features to be\n hidden (Andrew Cooper) [Orabug: 31470704]\n (CVE-2020-0543) (CVE-2020-0543)\n\n - cirrus: handle negative pitch in\n cirrus_invalidate_region (Wolfgang Bumiller) [Orabug:\n 31476272] (CVE-2017-18030)\n\n - cirrus: fix oob access in mode4and5 write functions\n (Gerd Hoffmann) [Orabug: 31476272] (CVE-2017-15289)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=3206f3109cfd432d6e5bbffbcc9839f5b8ed1e44\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec-ctrl: Mitigate the Special Register Buffer Data\n Sampling sidechannel (Andrew Cooper) [Orabug: 31470704]\n (CVE-2020-0543) (CVE-2020-0543)\n\n - x86/spec-ctrl: CPUID/MSR definitions for Special\n Register Buffer Data Sampling (Andrew Cooper) [Orabug:\n 31470704] (CVE-2020-0543) (CVE-2020-0543)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=0bef1944b340a7ec3e93a20b472effa654f5ee16\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/crash: force unlock console before printing on kexec\n crash (Igor Druzhinin) [Orabug: 31255931]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=69a58ac753bd61961615f9208f8e1ee5ce946538\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - redtape: x86/tsx: TAA regressions (Patrick Colp)\n [Orabug: 31240359]\n\nThis security advisory was retracted by OracleVM on 2020/07/16.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-July/000990.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0543\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. The advisory involved was retracted.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:16", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has microcode_ctl packages installed that are affected by multiple vulnerabilities:\n\n - Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families;\n Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. (CVE-2019-0117)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : microcode_ctl Multiple Vulnerabilities (NS-SA-2021-0139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0117", "CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2021-10-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:microcode_ctl", "p-cpe:/a:zte:cgsl_core:microcode_ctl-debuginfo", "p-cpe:/a:zte:cgsl_main:microcode_ctl", "p-cpe:/a:zte:cgsl_main:microcode_ctl-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0139_MICROCODE_CTL.NASL", "href": "https://www.tenable.com/plugins/nessus/154587", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0139. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154587);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/27\");\n\n script_cve_id(\n \"CVE-2019-0117\",\n \"CVE-2020-0543\",\n \"CVE-2020-0548\",\n \"CVE-2020-0549\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : microcode_ctl Multiple Vulnerabilities (NS-SA-2021-0139)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has microcode_ctl packages installed that are\naffected by multiple vulnerabilities:\n\n - Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th\n Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families;\n Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a\n privileged user to potentially enable information disclosure via local access. (CVE-2019-0117)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable\n information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user\n to potentially enable information disclosure via local access. (CVE-2020-0549)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0139\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-0117\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0548\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0549\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL microcode_ctl packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:microcode_ctl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:microcode_ctl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'microcode_ctl-2.1-61.6.el7_8',\n 'microcode_ctl-debuginfo-2.1-61.6.el7_8'\n ],\n 'CGSL MAIN 5.05': [\n 'microcode_ctl-2.1-61.6.el7_8',\n 'microcode_ctl-debuginfo-2.1-61.6.el7_8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:31", "description": "It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nBui Quang Minh discovered that the XDP socket implementation in the Linux kernel did not properly validate meta-data passed from user space, leading to an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12659).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 19.10 : Linux kernel vulnerabilities (USN-4387-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0067", "CVE-2020-0543", "CVE-2020-12114", "CVE-2020-12464", "CVE-2020-12659"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.3", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4387-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4387-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137297);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-12659\");\n script_xref(name:\"USN\", value:\"4387-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.10 : Linux kernel vulnerabilities (USN-4387-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the F2FS file system implementation in the\nLinux kernel did not properly perform bounds checking on xattrs in\nsome situations. A local attacker could possibly use this to expose\nsensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX\nEGETKEY read operations on Intel client and Xeon E3 processors may be\nbriefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather\nimplementation in the Linux kernel did not properly take data\nreferences in some situations, leading to a use-after-free. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nBui Quang Minh discovered that the XDP socket implementation in the\nLinux kernel did not properly validate meta-data passed from user\nspace, leading to an out-of-bounds write vulnerability. A local\nattacker with the CAP_NET_ADMIN capability could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12659).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4387-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-12659\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4387-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1023-aws\", pkgver:\"5.3.0-1023.25~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1024-oracle\", pkgver:\"5.3.0-1024.26~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1026-gcp\", pkgver:\"5.3.0-1026.28~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1026-gke\", pkgver:\"5.3.0-1026.28~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1026-raspi2\", pkgver:\"5.3.0-1027.29~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1028-azure\", pkgver:\"5.3.0-1028.29~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-59-generic\", pkgver:\"5.3.0-59.53~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-59-generic-lpae\", pkgver:\"5.3.0-59.53~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-59-lowlatency\", pkgver:\"5.3.0-59.53~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"5.3.0.1023.23\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"5.3.0.1028.25\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.3.0.1026.21\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"5.3.0.59.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"5.3.0.59.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.3\", pkgver:\"5.3.0.1026.13\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gkeop-5.3\", pkgver:\"5.3.0.59.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"5.3.0.59.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"5.3.0.1024.22\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2-hwe-18.04\", pkgver:\"5.3.0.1027.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"5.3.0.59.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"5.3.0.59.113\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1023-aws\", pkgver:\"5.3.0-1023.25\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1023-kvm\", pkgver:\"5.3.0-1023.25\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1024-oracle\", pkgver:\"5.3.0-1024.26\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1026-gcp\", pkgver:\"5.3.0-1026.28\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1026-raspi2\", pkgver:\"5.3.0-1027.29\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1028-azure\", pkgver:\"5.3.0-1028.29\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-59-generic\", pkgver:\"5.3.0-59.53\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-59-generic-lpae\", pkgver:\"5.3.0-59.53\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-59-lowlatency\", pkgver:\"5.3.0-59.53\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-59-snapdragon\", pkgver:\"5.3.0-59.53\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-aws\", pkgver:\"5.3.0.1023.34\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-azure\", pkgver:\"5.3.0.1028.47\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-gcp\", pkgver:\"5.3.0.1026.37\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-generic\", pkgver:\"5.3.0.59.49\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.3.0.59.49\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-gke\", pkgver:\"5.3.0.1026.37\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-kvm\", pkgver:\"5.3.0.1023.21\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.3.0.59.49\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-oracle\", pkgver:\"5.3.0.1024.40\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-raspi2\", pkgver:\"5.3.0.1027.25\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.3.0.59.49\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-virtual\", pkgver:\"5.3.0.59.49\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.3-aws / linux-image-5.3-azure / linux-image-5.3-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:31", "description": "This update for xen fixes the following issues :\n\nCVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).\n\nCVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).\n\nCVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).\n\nCVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).\n\nCVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:1887-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-15563", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domu", "p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1887-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138433", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1887-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138433);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/28\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-15563\", \"CVE-2020-15565\", \"CVE-2020-15566\", \"CVE-2020-15567\");\n script_xref(name:\"IAVB\", value:\"2020-B-0034-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:1887-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking\n(bsc#1173377).\n\nCVE-2020-15565: Fixed insufficient cache write-back under VT-d\n(bsc#1173378).\n\nCVE-2020-15566: Fixed incorrect error handling in event channel port\nallocation (bsc#1173376).\n\nCVE-2020-15567: Fixed non-atomic modification of live EPT PTE\n(bsc#1173380).\n\nCVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka\n'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15567/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201887-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbbd9e79\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1887=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1887=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15565\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.3_04-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.3_04-3.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:06", "description": "This update for xen fixes the following issues :\n\nCVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).\n\nCVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).\n\nCVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).\n\nCVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).\n\nCVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1902-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-15563", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domu", "p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1902-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138495", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1902-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138495);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-15563\", \"CVE-2020-15565\", \"CVE-2020-15566\", \"CVE-2020-15567\");\n script_xref(name:\"IAVB\", value:\"2020-B-0034-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1902-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking\n(bsc#1173377).\n\nCVE-2020-15565: Fixed insufficient cache write-back under VT-d\n(bsc#1173378).\n\nCVE-2020-15566: Fixed incorrect error handling in event channel port\nallocation (bsc#1173376).\n\nCVE-2020-15567: Fixed non-atomic modification of live EPT PTE\n(bsc#1173380).\n\nCVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka\n'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15567/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201902-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cb76833\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2020-1902=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1902=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15565\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-devel-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.13.1_04-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.13.1_04-3.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:13", "description": "This update for xen fixes the following issues :\n\n - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).\n\n - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).\n\n - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).\n\n - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).\n\n - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-2020-965)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-15563", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567"], "modified": "2020-09-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-965.NASL", "href": "https://www.tenable.com/plugins/nessus/138741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-965.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138741);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/25\");\n\n script_cve_id(\n \"CVE-2020-0543\",\n \"CVE-2020-15563\",\n \"CVE-2020-15565\",\n \"CVE-2020-15566\",\n \"CVE-2020-15567\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0034-S\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2020-965)\");\n script_summary(english:\"Check for the openSUSE-2020-965 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\n - CVE-2020-15563: Fixed inverted code paths in x86 dirty\n VRAM tracking (bsc#1173377).\n\n - CVE-2020-15565: Fixed insufficient cache write-back\n under VT-d (bsc#1173378).\n\n - CVE-2020-15566: Fixed incorrect error handling in event\n channel port allocation (bsc#1173376).\n\n - CVE-2020-15567: Fixed non-atomic modification of live\n EPT PTE (bsc#1173380).\n\n - CVE-2020-0543: Special Register Buffer Data Sampling\n (SRBDS) aka 'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173380\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-debugsource-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-devel-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-debuginfo-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-debuginfo-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.3_04-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.3_04-lp151.2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:32", "description": "This update for xen fixes the following issues :\n\nCVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).\n\nCVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).\n\nCVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).\n\nCVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).\n\nCVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1889-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-15563", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domu", "p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1889-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1889-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138434);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-15563\", \"CVE-2020-15565\", \"CVE-2020-15566\", \"CVE-2020-15567\");\n script_xref(name:\"IAVB\", value:\"2020-B-0034-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1889-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking\n(bsc#1173377).\n\nCVE-2020-15565: Fixed insufficient cache write-back under VT-d\n(bsc#1173378).\n\nCVE-2020-15566: Fixed incorrect error handling in event channel port\nallocation (bsc#1173376).\n\nCVE-2020-15567: Fixed non-atomic modification of live EPT PTE\n(bsc#1173380).\n\nCVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka\n'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15567/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201889-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e2c6224\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-1889=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1889=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15565\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-devel-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.3_04-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.3_04-3.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:09", "description": "This update for xen fixes the following issues :\n\n - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).\n\n - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).\n\n - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).\n\n - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).\n\n - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-2020-985)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-15563", "CVE-2020-15565", "CVE-2020-15566", "CVE-2020-15567"], "modified": "2020-09-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-xendomains-wait-disk", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-985.NASL", "href": "https://www.tenable.com/plugins/nessus/138749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-985.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138749);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/25\");\n\n script_cve_id(\n \"CVE-2020-0543\",\n \"CVE-2020-15563\",\n \"CVE-2020-15565\",\n \"CVE-2020-15566\",\n \"CVE-2020-15567\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0034-S\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2020-985)\");\n script_summary(english:\"Check for the openSUSE-2020-985 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\n - CVE-2020-15563: Fixed inverted code paths in x86 dirty\n VRAM tracking (bsc#1173377).\n\n - CVE-2020-15565: Fixed insufficient cache write-back\n under VT-d (bsc#1173378).\n\n - CVE-2020-15566: Fixed incorrect error handling in event\n channel port allocation (bsc#1173376).\n\n - CVE-2020-15567: Fixed non-atomic modification of live\n EPT PTE (bsc#1173380).\n\n - CVE-2020-0543: Special Register Buffer Data Sampling\n (SRBDS) aka 'CrossTalk' (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173380\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-xendomains-wait-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"xen-debugsource-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"xen-devel-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"xen-libs-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"xen-libs-debuginfo-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"xen-tools-domU-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"xen-tools-domU-debuginfo-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"xen-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"xen-tools-4.13.1_04-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.13.1_04-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:36", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14393-1 advisory.\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. (CVE-2020-10690)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power. (CVE-2020-12652)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14393-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-10690", "CVE-2020-12652", "CVE-2020-12653", "CVE-2020-12654"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigmem", "p-cpe:/a:novell:suse_linux:kernel-bigmem-base", "p-cpe:/a:novell:suse_linux:kernel-bigmem-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-ppc64", "p-cpe:/a:novell:suse_linux:kernel-ppc64-base", "p-cpe:/a:novell:suse_linux:kernel-ppc64-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14393-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150553", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14393-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150553);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2020-0543\",\n \"CVE-2020-10690\",\n \"CVE-2020-12652\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14393-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14393-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14393-1 advisory.\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device\n file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed,\n it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the\n inode. (CVE-2020-10690)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows\n local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a\n double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this\n bug is not as bad as it could have been because these operations are all privileged and root already has\n enormous destructive power. (CVE-2020-12652)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1170056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171218\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-June/006913.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c7899f4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigmem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ppc64-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'kernel-default-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.114', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kernel-default-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-base-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-devel-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-default-man-3.0.101-108.114', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-base-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-ec2-devel-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-base-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-pae-devel-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-source-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-syms-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-base-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-trace-devel-3.0.101-108.114', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-base-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.114', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'kernel-xen-devel-3.0.101-108.114', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:11", "description": "It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nBui Quang Minh discovered that the XDP socket implementation in the Linux kernel did not properly validate meta-data passed from user space, leading to an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12659)\n\nDmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 : Linux kernel vulnerabilities (USN-4389-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0067", "CVE-2020-0543", "CVE-2020-10751", "CVE-2020-12114", "CVE-2020-12464", "CVE-2020-12659"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4389-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137299", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4389-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137299);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-10751\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-12659\");\n script_xref(name:\"USN\", value:\"4389-1\");\n\n script_name(english:\"Ubuntu 20.04 : Linux kernel vulnerabilities (USN-4389-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the F2FS file system implementation in the\nLinux kernel did not properly perform bounds checking on xattrs in\nsome situations. A local attacker could possibly use this to expose\nsensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX\nEGETKEY read operations on Intel client and Xeon E3 processors may be\nbriefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather\nimplementation in the Linux kernel did not properly take data\nreferences in some situations, leading to a use-after-free. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nBui Quang Minh discovered that the XDP socket implementation in the\nLinux kernel did not properly validate meta-data passed from user\nspace, leading to an out-of-bounds write vulnerability. A local\nattacker with the CAP_NET_ADMIN capability could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12659)\n\nDmitry Vyukov discovered that the SELinux netlink security hook in the\nLinux kernel did not validate messages in some situations. A\nprivileged attacker could use this to bypass SELinux netlink\nrestrictions. (CVE-2020-10751).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4389-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-10751\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-12659\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4389-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1012-raspi\", pkgver:\"5.4.0-1012.12\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1015-aws\", pkgver:\"5.4.0-1015.15\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1015-gcp\", pkgver:\"5.4.0-1015.15\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1015-kvm\", pkgver:\"5.4.0-1015.15\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1015-oracle\", pkgver:\"5.4.0-1015.15\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1016-azure\", pkgver:\"5.4.0-1016.16\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-27-generic\", pkgver:\"5.4.0-27.31\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-37-generic\", pkgver:\"5.4.0-37.41\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-37-generic-lpae\", pkgver:\"5.4.0-37.41\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-37-lowlatency\", pkgver:\"5.4.0-37.41\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-aws\", pkgver:\"5.4.0.1015.16\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-azure\", pkgver:\"5.4.0.1016.16\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.4.0.1015.14\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-generic\", pkgver:\"5.4.0.27.34\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-generic-hwe-20.04\", pkgver:\"5.4.0.27.34\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.4.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-generic-lpae-hwe-20.04\", pkgver:\"5.4.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-gke\", pkgver:\"5.4.0.1015.14\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.4.0.1015.14\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.4.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-lowlatency-hwe-20.04\", pkgver:\"5.4.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-oem\", pkgver:\"5.4.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-oem-osp1\", pkgver:\"5.4.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-oracle\", pkgver:\"5.4.0.1015.14\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-raspi\", pkgver:\"5.4.0.1012.12\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.4.0.1012.12\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.4.0.27.34\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-virtual-hwe-20.04\", pkgver:\"5.4.0.27.34\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.4-aws / linux-image-5.4-azure / linux-image-5.4-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:41", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - ipv4: ipv4_default_advmss should use route mtu (Eric Dumazet) [Orabug: 31563095]\n\n - net: ipv4: Refine the ipv4_default_advmss (Gao Feng) [Orabug: 31563095]\n\n - Revert 'bnxt_en: Remove busy poll logic in the driver.' (Brian Maly) [Orabug: 28151475]\n\n - md: batch flush requests. (NeilBrown) [Orabug: 31332821]\n\n - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351891] (CVE-2019-15214)\n\n - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (Malcolm Priestley) [Orabug:\n 31352061] (CVE-2017-16538)\n\n - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (Malcolm Priestley) [Orabug: 31352061] (CVE-2017-16538)\n\n - atomic_open: fix the handling of create_error (Al Viro) [Orabug: 31493395]\n\n - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command (Tomas Bortoli) [Orabug:\n 31351119] (CVE-2019-19533)\n\n - NFS: Fix a performance regression in readdir (Trond Myklebust) [Orabug: 31409061]\n\n - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31475612] (CVE-2020-0543)\n\n - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)\n\n - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug:\n 31475612] (CVE-2020-0543)\n\n - x86/cpu: Add 'table' argument to cpu_matches (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)\n\n - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)\n\n - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31475612] (CVE-2020-0543)\n\n - MCE: Restrict MCE banks to 6 on AMD platform (Zhenzhong Duan) [Orabug: 30000521]\n\n - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351141] (CVE-2019-19534)\n\n - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351250] (CVE-2019-19536)\n\n - xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430876]\n\n - iscsi_target: fix mismatch spinlock unlock (Junxiao Bi) [Orabug: 31202372]", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16538", "CVE-2019-15214", "CVE-2019-19533", "CVE-2019-19534", "CVE-2019-19536", "CVE-2020-0543"], "modified": "2020-07-16T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0028.NASL", "href": "https://www.tenable.com/plugins/nessus/138416", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0028.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138416);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/16\");\n\n script_cve_id(\"CVE-2017-16538\", \"CVE-2019-15214\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19536\", \"CVE-2020-0543\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0028)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - ipv4: ipv4_default_advmss should use route mtu (Eric\n Dumazet) [Orabug: 31563095]\n\n - net: ipv4: Refine the ipv4_default_advmss (Gao Feng)\n [Orabug: 31563095]\n\n - Revert 'bnxt_en: Remove busy poll logic in the driver.'\n (Brian Maly) [Orabug: 28151475]\n\n - md: batch flush requests. (NeilBrown) [Orabug: 31332821]\n\n - ALSA: core: Fix card races between register and\n disconnect (Takashi Iwai) [Orabug: 31351891]\n (CVE-2019-15214)\n\n - media: dvb-usb-v2: lmedm04: move ts2020 attach to\n dm04_lme2510_tuner (Malcolm Priestley) [Orabug:\n 31352061] (CVE-2017-16538)\n\n - media: dvb-usb-v2: lmedm04: Improve logic checking of\n warm start (Malcolm Priestley) [Orabug: 31352061]\n (CVE-2017-16538)\n\n - atomic_open: fix the handling of create_error (Al Viro)\n [Orabug: 31493395]\n\n - media: ttusb-dec: Fix info-leak in\n ttusb_dec_send_command (Tomas Bortoli) [Orabug:\n 31351119] (CVE-2019-19533)\n\n - NFS: Fix a performance regression in readdir (Trond\n Myklebust) [Orabug: 31409061]\n\n - x86/speculation: Add Ivy Bridge to affected list (Josh\n Poimboeuf) [Orabug: 31475612] (CVE-2020-0543)\n\n - x86/speculation: Add SRBDS vulnerability and mitigation\n documentation (Mark Gross) [Orabug: 31475612]\n (CVE-2020-0543)\n\n - x86/speculation: Add Special Register Buffer Data\n Sampling (SRBDS) mitigation (Mark Gross) [Orabug:\n 31475612] (CVE-2020-0543)\n\n - x86/cpu: Add 'table' argument to cpu_matches (Mark\n Gross) [Orabug: 31475612] (CVE-2020-0543)\n\n - x86/cpu: Add a steppings field to struct x86_cpu_id\n (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)\n\n - x86/cpu: Rename cpu_data.x86_mask to\n cpu_data.x86_stepping (Jia Zhang) [Orabug: 31475612]\n (CVE-2020-0543)\n\n - MCE: Restrict MCE banks to 6 on AMD platform (Zhenzhong\n Duan) [Orabug: 30000521]\n\n - can: peak_usb: fix slab info leak (Johan Hovold)\n [Orabug: 31351141] (CVE-2019-19534)\n\n - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB\n devices (Tomas Bortoli) [Orabug: 31351250]\n (CVE-2019-19536)\n\n - xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430876]\n\n - iscsi_target: fix mismatch spinlock unlock (Junxiao Bi)\n [Orabug: 31202372]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-July/000989.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.40.6.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.40.6.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:00", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5750 advisory.\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. (CVE-2019-15214)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). (CVE-2017-16538)\n\n - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. (CVE-2019-19536)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5750)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16538", "CVE-2019-15214", "CVE-2019-19533", "CVE-2019-19534", "CVE-2019-19536", "CVE-2020-0543"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5750.NASL", "href": "https://www.tenable.com/plugins/nessus/138247", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5750.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138247);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2017-16538\",\n \"CVE-2019-15214\",\n \"CVE-2019-19533\",\n \"CVE-2019-19534\",\n \"CVE-2019-19536\",\n \"CVE-2020-0543\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5750)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5750 advisory.\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound\n subsystem because card disconnection causes certain data structures to be deleted too early. This is\n related to sound/core/init.c and sound/core/info.c. (CVE-2019-15214)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a\n denial of service (general protection fault and system crash) or possibly have unspecified other impact\n via a crafted USB device, related to a missing warm-start check and incorrect attach timing\n (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). (CVE-2017-16538)\n\n - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. (CVE-2019-19536)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5750.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-16538\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.40.6.el6uek', '4.1.12-124.40.6.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5750');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.40.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.40.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.40.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.40.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.40.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.40.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.40.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.40.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.40.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.40.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.40.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.40.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:16", "description": "The remote NewStart CGSL host, running version MAIN 4.06, has microcode_ctl packages installed that are affected by multiple vulnerabilities:\n\n - Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families;\n Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access. (CVE-2019-0117)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)\n\n - Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8696)\n\n - Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8698)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.06 : microcode_ctl Multiple Vulnerabilities (NS-SA-2021-0001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0117", "CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549", "CVE-2020-8696", "CVE-2020-8698"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0001_MICROCODE_CTL.NASL", "href": "https://www.tenable.com/plugins/nessus/147405", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0001. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147405);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\n \"CVE-2019-0117\",\n \"CVE-2020-0543\",\n \"CVE-2020-0548\",\n \"CVE-2020-0549\",\n \"CVE-2020-8696\",\n \"CVE-2020-8698\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.06 : microcode_ctl Multiple Vulnerabilities (NS-SA-2021-0001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.06, has microcode_ctl packages installed that are affected by\nmultiple vulnerabilities:\n\n - Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th\n Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families;\n Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a\n privileged user to potentially enable information disclosure via local access. (CVE-2019-0117)\n\n - Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable\n information disclosure via local access. (CVE-2020-0548)\n\n - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user\n to potentially enable information disclosure via local access. (CVE-2020-0549)\n\n - Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow\n an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8696)\n\n - Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to\n potentially enable information disclosure via local access. (CVE-2020-8698)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL microcode_ctl packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8698\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 4.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 4.06': [\n 'microcode_ctl-1.17-33.31.el6_10'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'microcode_ctl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:13", "description": "It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nXiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749)\n\nDmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4390-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0067", "CVE-2020-0543", "CVE-2020-10751", "CVE-2020-12114", "CVE-2020-12464", "CVE-2020-1749"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4390-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137300", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4390-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137300);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-10751\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-1749\");\n script_xref(name:\"USN\", value:\"4390-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4390-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the F2FS file system implementation in the\nLinux kernel did not properly perform bounds checking on xattrs in\nsome situations. A local attacker could possibly use this to expose\nsensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX\nEGETKEY read operations on Intel client and Xeon E3 processors may be\nbriefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather\nimplementation in the Linux kernel did not properly take data\nreferences in some situations, leading to a use-after-free. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nXiumei Mu discovered that the IPSec implementation in the Linux kernel\ndid not properly encrypt IPv6 traffic in some situations. An attacker\ncould use this to expose sensitive information. (CVE-2020-1749)\n\nDmitry Vyukov discovered that the SELinux netlink security hook in the\nLinux kernel did not validate messages in some situations. A\nprivileged attacker could use this to bypass SELinux netlink\nrestrictions. (CVE-2020-10751).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4390-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12464\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-10751\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-1749\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4390-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1045-oracle\", pkgver:\"4.15.0-1045.49~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-106-generic\", pkgver:\"4.15.0-106.107~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-106-generic-lpae\", pkgver:\"4.15.0-106.107~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-106-lowlatency\", pkgver:\"4.15.0-106.107~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1073-aws\", pkgver:\"4.15.0-1073.77~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1077-gcp\", pkgver:\"4.15.0-1077.87~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1089-azure\", pkgver:\"4.15.0-1089.99~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1073.73\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1089.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure-edge\", pkgver:\"4.15.0.1089.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1077.79\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.106.111\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.106.111\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1077.79\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.106.111\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.106.111\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1045.38\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.106.111\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1045-oracle\", pkgver:\"4.15.0-1045.49\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-106-generic\", pkgver:\"4.15.0-106.107\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-106-generic-lpae\", pkgver:\"4.15.0-106.107\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-106-lowlatency\", pkgver:\"4.15.0-106.107\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1063-gke\", pkgver:\"4.15.0-1063.66\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1063-raspi2\", pkgver:\"4.15.0-1063.67\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1067-kvm\", pkgver:\"4.15.0-1067.68\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1073-aws\", pkgver:\"4.15.0-1073.77\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1080-snapdragon\", pkgver:\"4.15.0-1080.87\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1087-oem\", pkgver:\"4.15.0-1087.97\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1089-azure\", pkgver:\"4.15.0-1089.99\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-lts-18.04\", pkgver:\"4.15.0.1073.76\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure-lts-18.04\", pkgver:\"4.15.0.1089.60\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.106.94\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.106.94\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1063.65\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1063.65\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1067.63\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.106.94\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1087.91\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle-lts-18.04\", pkgver:\"4.15.0.1045.54\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1063.61\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.1080.83\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.106.94\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:56", "description": "It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nBui Quang Minh discovered that the XDP socket implementation in the Linux kernel did not properly validate meta-data passed from user space, leading to an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12659)\n\nXiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : linux-gke-5.0, linux-oem-osp1 vulnerabilities (USN-4388-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0067", "CVE-2020-0543", "CVE-2020-12114", "CVE-2020-12464", "CVE-2020-12659", "CVE-2020-1749"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4388-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137298", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4388-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137298);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-12659\", \"CVE-2020-1749\");\n script_xref(name:\"USN\", value:\"4388-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux-gke-5.0, linux-oem-osp1 vulnerabilities (USN-4388-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the F2FS file system implementation in the\nLinux kernel did not properly perform bounds checking on xattrs in\nsome situations. A local attacker could possibly use this to expose\nsensitive information (kernel memory). (CVE-2020-0067)\n\nIt was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX\nEGETKEY read operations on Intel client and Xeon E3 processors may be\nbriefly exposed to processes on the same or different processor cores.\nA local attacker could use this to expose sensitive information.\n(CVE-2020-0543)\n\nPiotr Krysiuk discovered that race conditions existed in the file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2020-12114)\n\nIt was discovered that the USB susbsystem's scatter-gather\nimplementation in the Linux kernel did not properly take data\nreferences in some situations, leading to a use-after-free. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2020-12464)\n\nBui Quang Minh discovered that the XDP socket implementation in the\nLinux kernel did not properly validate meta-data passed from user\nspace, leading to an out-of-bounds write vulnerability. A local\nattacker with the CAP_NET_ADMIN capability could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2020-12659)\n\nXiumei Mu discovered that the IPSec implementation in the Linux kernel\ndid not properly encrypt IPv6 traffic in some situations. An attacker\ncould use this to expose sensitive information. (CVE-2020-1749).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4388-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12659\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-0067\", \"CVE-2020-0543\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-12659\", \"CVE-2020-1749\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4388-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1042-gke\", pkgver:\"5.0.0-1042.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1059-oem-osp1\", pkgver:\"5.0.0-1059.64\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.0\", pkgver:\"5.0.0.1042.27\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem-osp1\", pkgver:\"5.0.0.1059.58\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-gke / linux-image-5.0-oem-osp1 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:03", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5756 advisory.\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). (CVE-2019-19769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5756)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19769", "CVE-2020-0543", "CVE-2020-10711", "CVE-2020-10757", "CVE-2020-12655", "CVE-2020-12770"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5756.NASL", "href": "https://www.tenable.com/plugins/nessus/138488", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5756.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138488);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-19769\",\n \"CVE-2020-0543\",\n \"CVE-2020-10711\",\n \"CVE-2020-10757\",\n \"CVE-2020-12655\",\n \"CVE-2020-12770\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5756)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5756 advisory.\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into\n the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO\n restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate\n that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer\n dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network\n user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function\n (related to include/trace/events/lock.h). (CVE-2019-19769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5756.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2011.4.4.el7uek', '5.4.17-2011.4.4.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5756');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.4.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.4.4.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:27", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - update 06-2d-07 to 0x71a\n\n - update 06-55-04 to 0x2006906\n\n - update 06-55-07 to 0x5002f01\n\n - merge Oracle changes for early load via dracut\n\n - enable late load on install for UEK4 kernels marked safe (except BDW-79)\n\n - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737]\n\n - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795353, #1795357, #1827186) :\n\n - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28 \n\n - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f \n\n - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26 \n\n - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c \n\n - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22 \n\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc \n\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157 \n\n - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906 \n\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01 \n\n - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01 \n\n - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc \n\n - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.\n\n - Update Intel CPU microcode to microcode-20200520 release (#1839193) :\n\n - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621 \n\n - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a \n\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78.\n\n - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models (#1835555).\n\n - Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064 by default (#1774635).\n\n - Update Intel CPU microcode to microcode-20191115 release :\n\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6 \n\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4 up to 0xd6 \n\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca \n\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca \n\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca \n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca \n\n - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision 0xc6 up to 0xca \n\n - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6 up to 0xca \n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca \n\n - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca \n\n - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca \n\n - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca \n\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca.\n\n - Update Intel CPU microcode to microcode-20191113 release :\n\n - Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6.\n\n - Drop 0001-releasenote-changes-summary-fixes.patch.\n\n - Package the publicy available microcode-20191112 release (#1755021) :\n\n - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d \n\n - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c \n\n - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16 \n\n - Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150 up to 0x1000151 \n\n - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision 0x2000064 up to 0x2000065 \n\n - Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b up to 0x500002c \n\n - Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32 \n\n - Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release.\n\n - Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch).\n\n - Update README.caveats with the link to the new Knowledge Base article.\n\n - Fix the incorrect 'Source2:' tag.\n\n - Intel CPU microcode update to 20191112, addresses CVE-2017-5715, CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1764049, #1764062, #1764953,\n\n - Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6 \n\n - Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a \n\n - Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150 \n\n - Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46 \n\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4 \n\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc to 0xd4\n\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6 \n\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6 \n\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4 to 0xc6 \n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6 \n\n - Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6 \n\n - Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6 \n\n - Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6 \n\n - Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6 \n\n - Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4 to 0xc6 \n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4 to 0xc6 \n\n - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6 \n\n - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6.\n\n - Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714 by default (#1758382).\n\n - Revert more strict model check code, as it requires request_firmware-based microcode loading mechanism and breaks enabling of microcode with caveats.\n\n - Intel CPU microcode update to 20190918 (#1753540).\n\n - Intel CPU microcode update to 20190618 (#1717238).\n\n - Remove disclaimer, as it is not as important now to justify kmsg/log pollution its contents are partially adopted in README.caveats.\n\n - Intel CPU microcode update to 20190514a (#1711938).\n\n - Intel CPU microcode update to 20190507_Public_DEMO (#1697960).\n\n - Intel CPU microcode update to 20190312 (#1697960).\n\n - Fix disclaimer path in %post script.\n\n - Fix installation path for the disclaimer file.\n\n - Add README.caveats documentation file.\n\n - Use check_caveats from the RHEL 7 package in order to support overrides.\n\n - Disable 06-4f-01 microcode in config (#1622180).\n\n - Intel CPU microcode update to 20180807a (#1614427).\n\n - Add check for minimal microcode version to reload_microcode.\n\n - Intel CPU microcode update to 20180807.\n\n - Resolves: #1614427.\n\n - Intel CPU microcode update to 20180703\n\n - Add infrastructure for handling kernel-version-dependant microcode\n\n - Resolves: #1574593\n\n - Intel CPU microcode update to 20180613.\n\n - Resolves: #1573451\n\n - Update AMD microcode to 2018-05-24\n\n - Resolves: #1584192\n\n - Update AMD microcode\n\n - Resolves: #1574591\n\n - Update disclaimer text\n\n - Resolves: #1574588\n\n - Intel CPU microcode update to 20180425.\n\n - Resolves: #1574588\n\n - Revert Microcode from Intel and AMD for Side Channel attack\n\n - Resolves: #1533941\n\n - Update microcode data file to 20180108 revision.\n\n - Resolves: #1527354\n\n - Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04\n\n - Add amd microcode_amd_fam17h.bin data file\n\n - Resolves: #1527354\n\n - Update microcode data file to 20170707 revision.\n\n - Resolves: #1465143\n\n - Revert microcode_amd_fam15h.bin to version from amd-ucode-2012-09-10\n\n - Resolves: #1322525\n\n - Update microcode data file to 20161104 revision.\n\n - Add workaround for E5-26xxv4\n\n - Resolves: #1346045\n\n - Update microcode data file to 20160714 revision.\n\n - Resolves: #1346045\n\n - Update amd microcode data file to amd-ucode-2013-11-07\n\n - Resolves: #1322525\n\n - Update microcode data file to 20151106 revision.\n\n - Resolves: #1244968\n\n - Remove bad file permissions on /lib/udev/rules.d/89-microcode.rules\n\n - Resolves: #1201276\n\n - Update microcode data file to 20150121 revision.\n\n - Resolves: #1123992\n\n - Update microcode data file to 20140624 revision.\n\n - Resolves: #1113394\n\n - Update microcode data file to 20140430 revision.\n\n - Resolves: #1036240", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : microcode_ctl (OVMSA-2020-0026) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2019-0117", "CVE-2019-11135", "CVE-2019-11139", "CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:microcode_ctl", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0026.NASL", "href": "https://www.tenable.com/plugins/nessus/137739", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0026.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137739);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2019-0117\", \"CVE-2019-11135\", \"CVE-2019-11139\", \"CVE-2020-0543\", \"CVE-2020-0548\", \"CVE-2020-0549\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : microcode_ctl (OVMSA-2020-0026) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - update 06-2d-07 to 0x71a\n\n - update 06-55-04 to 0x2006906\n\n - update 06-55-07 to 0x5002f01\n\n - merge Oracle changes for early load via dracut\n\n - enable late load on install for UEK4 kernels marked safe\n (except BDW-79)\n\n - set early_microcode='no' in virtualized guests to avoid\n early load bugs [Orabug: 30618737]\n\n - Update Intel CPU microcode to microcode-20200602\n release, addresses CVE-2020-0543, CVE-2020-0548,\n CVE-2020-0549 (#1795353, #1795357, #1827186) :\n\n - Update of 06-3c-03/0x32 (HSW C0) microcode from revision\n 0x27 up to 0x28 \n\n - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from\n revision 0x2e up to 0x2f \n\n - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from\n revision 0x25 up to 0x26 \n\n - Update of 06-46-01/0x32 (HSW-H C0) microcode from\n revision 0x1b up to 0x1c \n\n - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode\n from revision 0x21 up to 0x22 \n\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from\n revision 0xd6 up to 0xdc \n\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from\n revision 0x1000151 up to 0x1000157 \n\n - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1)\n microcode (in intel-06-55-04/intel-ucode/06-55-04) from\n revision 0x2000065 up to 0x2006906 \n\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from\n revision 0x400002c up to 0x4002f01 \n\n - Update of 06-55-07/0xbf (CLX-SP B1) microcode from\n revision 0x500002c up to 0x5002f01 \n\n - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from\n revision 0xd6 up to 0xdc \n\n - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from\n revision 0xca up to 0xd6 \n\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from\n revision 0xca up to 0xd6 \n\n - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from\n revision 0xca up to 0xd6 \n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from\n revision 0xca up to 0xd6 \n\n - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U\n V0) microcode from revision 0xca up to 0xd6 \n\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0)\n microcode from revision 0xca up to 0xd6 \n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode\n from revision 0xca up to 0xd6 \n\n - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from\n revision 0xca up to 0xd6 \n\n - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from\n revision 0xca up to 0xd6 \n\n - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from\n revision 0xca up to 0xd6.\n\n - Update Intel CPU microcode to microcode-20200520 release\n (#1839193) :\n\n - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode\n from revision 0x61f up to 0x621 \n\n - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode\n from revision 0x718 up to 0x71a \n\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from\n revision 0x46 up to 0x78.\n\n - Narrow down SKL-SP/W/X blacklist to exclude\n Server/FPGA/Fabric segment models (#1835555).\n\n - Do not update 06-55-04 (SKL-SP/W/X) to revision\n 0x2000065, use 0x2000064 by default (#1774635).\n\n - Update Intel CPU microcode to microcode-20191115 \nrelease :\n\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4\n up to 0xd6 \n\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from\n revision 0xd4 up to 0xd6 \n\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision\n 0xc6 up to 0xca \n\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6\n up to 0xca \n\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision\n 0xc6 up to 0xca \n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up\n to 0xca \n\n - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U\n V0) from revision 0xc6 up to 0xca \n\n - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0)\n from revision 0xc6 up to 0xca \n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from\n revision 0xc6 up to 0xca \n\n - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up\n to 0xca \n\n - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision\n 0xc6 up to 0xca \n\n - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6\n up to 0xca \n\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision\n 0xc6 up to 0xca.\n\n - Update Intel CPU microcode to microcode-20191113 \nrelease :\n\n - Update of 06-9e-0c (CFL-H/S P0) microcode from revision\n 0xae up to 0xc6.\n\n - Drop 0001-releasenote-changes-summary-fixes.patch.\n\n - Package the publicy available microcode-20191112 release\n (#1755021) :\n\n - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at\n revision 0x12d \n\n - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at\n revision 0x400002c \n\n - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision\n 0x16 \n\n - Update of 06-55-03/0x97 (SKL-SP B1) microcode from\n revision 0x1000150 up to 0x1000151 \n\n - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1)\n microcode from revision 0x2000064 up to 0x2000065 \n\n - Update of 06-55-07/0xbf (CSL-SP B1) microcode from\n revision 0x500002b up to 0x500002c \n\n - Update of 06-7a-01/0x1 (GLK B0) microcode from revision\n 0x2e up to 0x32 \n\n - Include 06-9e-0c (CFL-H/S P0) microcode from the\n microcode-20190918 release.\n\n - Correct the releasenote file\n (0001-releasenote-changes-summary-fixes.patch).\n\n - Update README.caveats with the link to the new Knowledge\n Base article.\n\n - Fix the incorrect 'Source2:' tag.\n\n - Intel CPU microcode update to 20191112, addresses\n CVE-2017-5715, CVE-2019-0117, CVE-2019-11135,\n CVE-2019-11139 (#1764049, #1764062, #1764953,\n\n - Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at\n revision 0xc6 \n\n - Addition of 06-66-03/0x80 (CNL-U D0) microcode at\n revision 0x2a \n\n - Addition of 06-55-03/0x97 (SKL-SP B1) microcode at\n revision 0x1000150 \n\n - Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at\n revision 0x46 \n\n - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from\n revision 0xcc to 0xd4 \n\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0)\n microcode from revision 0xcc to 0xd4\n\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from\n revision 0xb4 to 0xc6 \n\n - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from\n revision 0xb4 to 0xc6 \n\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from\n revision 0xb4 to 0xc6 \n\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from\n revision 0xb8 to 0xc6 \n\n - Update of 06-8e-0c/0x94 (AML-Y V0) microcode from\n revision 0xb8 to 0xc6 \n\n - Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from\n revision 0xb8 to 0xc6 \n\n - Update of 06-8e-0c/0x94 (WHL-U V0) microcode from\n revision 0xb8 to 0xc6 \n\n - Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from\n revision 0xb4 to 0xc6 \n\n - Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode\n from revision 0xb4 to 0xc6 \n\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode\n from revision 0xb4 to 0xc6 \n\n - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from\n revision 0xb4 to 0xc6 \n\n - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from\n revision 0xb8 to 0xc6.\n\n - Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718,\n use 0x714 by default (#1758382).\n\n - Revert more strict model check code, as it requires\n request_firmware-based microcode loading mechanism and\n breaks enabling of microcode with caveats.\n\n - Intel CPU microcode update to 20190918 (#1753540).\n\n - Intel CPU microcode update to 20190618 (#1717238).\n\n - Remove disclaimer, as it is not as important now to\n justify kmsg/log pollution its contents are partially\n adopted in README.caveats.\n\n - Intel CPU microcode update to 20190514a (#1711938).\n\n - Intel CPU microcode update to 20190507_Public_DEMO\n (#1697960).\n\n - Intel CPU microcode update to 20190312 (#1697960).\n\n - Fix disclaimer path in %post script.\n\n - Fix installation path for the disclaimer file.\n\n - Add README.caveats documentation file.\n\n - Use check_caveats from the RHEL 7 package in order to\n support overrides.\n\n - Disable 06-4f-01 microcode in config (#1622180).\n\n - Intel CPU microcode update to 20180807a (#1614427).\n\n - Add check for minimal microcode version to\n reload_microcode.\n\n - Intel CPU microcode update to 20180807.\n\n - Resolves: #1614427.\n\n - Intel CPU microcode update to 20180703\n\n - Add infrastructure for handling kernel-version-dependant\n microcode\n\n - Resolves: #1574593\n\n - Intel CPU microcode update to 20180613.\n\n - Resolves: #1573451\n\n - Update AMD microcode to 2018-05-24\n\n - Resolves: #1584192\n\n - Update AMD microcode\n\n - Resolves: #1574591\n\n - Update disclaimer text\n\n - Resolves: #1574588\n\n - Intel CPU microcode update to 20180425.\n\n - Resolves: #1574588\n\n - Revert Microcode from Intel and AMD for Side Channel\n attack\n\n - Resolves: #1533941\n\n - Update microcode data file to 20180108 revision.\n\n - Resolves: #1527354\n\n - Update Intel CPU microde for 06-3f-02, 06-4f-01, and\n 06-55-04\n\n - Add amd microcode_amd_fam17h.bin data file\n\n - Resolves: #1527354\n\n - Update microcode data file to 20170707 revision.\n\n - Resolves: #1465143\n\n - Revert microcode_amd_fam15h.bin to version from\n amd-ucode-2012-09-10\n\n - Resolves: #1322525\n\n - Update microcode data file to 20161104 revision.\n\n - Add workaround for E5-26xxv4\n\n - Resolves: #1346045\n\n - Update microcode data file to 20160714 revision.\n\n - Resolves: #1346045\n\n - Update amd microcode data file to amd-ucode-2013-11-07\n\n - Resolves: #1322525\n\n - Update microcode data file to 20151106 revision.\n\n - Resolves: #1244968\n\n - Remove bad file permissions on\n /lib/udev/rules.d/89-microcode.rules\n\n - Resolves: #1201276\n\n - Update microcode data file to 20150121 revision.\n\n - Resolves: #1123992\n\n - Update microcode data file to 20140624 revision.\n\n - Resolves: #1113394\n\n - Update microcode data file to 20140430 revision.\n\n - Resolves: #1036240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000986.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected microcode_ctl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0549\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:microcode_ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"microcode_ctl-1.17-33.26.0.1.el6_10\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"microcode_ctl-1.17-33.26.0.1.el6_10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"microcode_ctl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:43", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1596-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-10757", "CVE-2020-12114", "CVE-2020-12652", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12656"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1596-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137611", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1596-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137611);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-10757\", \"CVE-2020-12114\", \"CVE-2020-12652\", \"CVE-2020-12653\", \"CVE-2020-12654\", \"CVE-2020-12656\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1596-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to\nhold an incorrect lock during the ioctl operation and trigger a race\ncondition (bsc#1171218).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have\nallowed local users to gain privileges or cause a denial of service\n(bsc#1171195).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have\nallowed a remote AP to trigger a heap-based buffer overflow\n(bsc#1171202).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release\ncalls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have\nallowed local users to cause a denial of service (panic) by corrupting\na mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12656/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201596-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb99ca27\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1596=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1596=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1596=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1596=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1596=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2020-1596=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1596=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-1596=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-1-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-debuginfo-1-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.121.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:24", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1597-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0543", "CVE-2020-10757", "CVE-2020-12114", "CVE-2020-12652", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12656"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_135-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1597-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137612", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1597-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137612);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-10757\", \"CVE-2020-12114\", \"CVE-2020-12652\", \"CVE-2020-12653\", \"CVE-2020-12654\", \"CVE-2020-12656\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1597-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release\ncalls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have\nallowed a remote AP to trigger a heap-based buffer overflow\n(bsc#1171202).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have\nallowed local users to gain privileges or cause a denial of service\n(bsc#1171195).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to\nhold an incorrect lock during the ioctl operation and trigger a race\ncondition (bsc#1171218).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have\nallowed local users to cause a denial of service (panic) by corrupting\na mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute

SUSE SLES12 Security Update : xen (SUSE-SU-2020:1633-1)

Description

Related