This update for the Linux Kernel 4.4.121-92_117 fixes several issues.
The following security issues were fixed :
CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).
CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
{"id": "SUSE_SU-2020-1767-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1767-1)", "description": "This update for the Linux Kernel 4.4.121-92_117 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-07-09T00:00:00", "modified": "2020-12-07T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 6.9}, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/138298", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-15666/", "https://bugzilla.suse.com/show_bug.cgi?id=1172437", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15666", "https://www.suse.com/security/cve/CVE-2020-10757/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10757", "http://www.nessus.org/u?ac95bf23", "https://bugzilla.suse.com/show_bug.cgi?id=1172140"], "cvelist": ["CVE-2019-15666", "CVE-2020-10757"], "immutableFields": [], "lastseen": "2023-02-05T14:22:53", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1401", "ALAS2-2020-1465"]}, {"type": "centos", "idList": ["CESA-2020:3220"]}, {"type": "cve", "idList": ["CVE-2019-15666", "CVE-2020-10757"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4698-1:E1A7D", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4699-1:D5D43"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-15666", "DEBIANCVE:CVE-2020-10757"]}, {"type": "f5", "idList": ["F5:K05617914", "F5:K53420251"]}, {"type": "fedora", "idList": ["FEDORA:055473124314", "FEDORA:2A755608EC25", "FEDORA:803AE30C6416"]}, {"type": "ibm", "idList": ["64ADFD088203597B59C398AB3DEF28DC4F72D37A4C48C7FA81C6531EDA6A9877", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58", "D860B85F49895E0D8CF0AC6A066F6902558B044E03F0320678E24399C41C6135", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "mageia", "idList": ["MGASA-2020-0333"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1465.NASL", "AL2_ALASKERNEL-5_4-2022-012.NASL", "ALA_ALAS-2020-1401.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS_RHSA-2020-3220.NASL", "DEBIAN_DLA-1919.NASL", "DEBIAN_DLA-2242.NASL", "DEBIAN_DSA-4698.NASL", "DEBIAN_DSA-4699.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1807.NASL", "EULEROS_SA-2020-1892.NASL", "EULEROS_SA-2020-1938.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-2040.NASL", "FEDORA_2020-07F0BE216F.NASL", "FEDORA_2020-203FFEDEB5.NASL", "NEWSTART_CGSL_NS-SA-2021-0008_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0140_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_18_0_5.NASL", "NUTANIX_NXSA-AOS-5_18_1.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2021-242.NASL", "ORACLELINUX_ELSA-2019-4808.NASL", "ORACLELINUX_ELSA-2019-4820.NASL", "ORACLELINUX_ELSA-2020-3220.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5756.NASL", "PHOTONOS_PHSA-2020-2_0-0251_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0102_LINUX.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2020-1493.NASL", "REDHAT-RHSA-2020-3010.NASL", "REDHAT-RHSA-2020-3016.NASL", "REDHAT-RHSA-2020-3041.NASL", "REDHAT-RHSA-2020-3220.NASL", "REDHAT-RHSA-2020-3221.NASL", "REDHAT-RHSA-2020-3222.NASL", "REDHAT-RHSA-2020-3226.NASL", "REDHAT-RHSA-2020-3598.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1596-1.NASL", "SUSE_SU-2020-1597-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-1764-1.NASL", "SUSE_SU-2020-1779-1.NASL", "SUSE_SU-2020-1781-1.NASL", "SUSE_SU-2020-1784-1.NASL", "SUSE_SU-2020-2487-1.NASL", "UBUNTU_USN-4426-1.NASL", "UBUNTU_USN-4439-1.NASL", "UBUNTU_USN-4440-1.NASL", "UBUNTU_USN-4483-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704698", "OPENVAS:1361412562310704699", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310877951", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310877977", "OPENVAS:1361412562310891919", "OPENVAS:1361412562310892242", "OPENVAS:1361412562311220201186"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4808", "ELSA-2019-4820", "ELSA-2020-3010", "ELSA-2020-3220", "ELSA-2020-4060", "ELSA-2020-5755", "ELSA-2020-5756"]}, {"type": "osv", "idList": ["OSV:DLA-1919-1", "OSV:DLA-2242-1", "OSV:DSA-4698-1", "OSV:DSA-4699-1"]}, {"type": "photon", "idList": ["PHSA-2019-0021", "PHSA-2019-0162", "PHSA-2019-1.0-0238", "PHSA-2020-0102", "PHSA-2020-0251", "PHSA-2020-2.0-0251", "PHSA-2020-3.0-0102"]}, {"type": "redhat", "idList": ["RHSA-2019:3309", "RHSA-2019:3517", "RHSA-2020:1493", "RHSA-2020:3010", "RHSA-2020:3016", "RHSA-2020:3041", "RHSA-2020:3194", "RHSA-2020:3220", "RHSA-2020:3221", "RHSA-2020:3222", "RHSA-2020:3226", "RHSA-2020:3598"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-15666", "RH:CVE-2020-10757"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "ubuntu", "idList": ["LSN-0069-1", "USN-4426-1", "USN-4439-1", "USN-4440-1", "USN-4483-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-15666", "UB:CVE-2020-10757"]}, {"type": "veracode", "idList": ["VERACODE:22791", "VERACODE:25934"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1401"]}, {"type": "centos", "idList": ["CESA-2020:3220"]}, {"type": "cve", "idList": ["CVE-2019-15666"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1919-1:239EC", "DEBIAN:DLA-1919-2:858F8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-15666", "DEBIANCVE:CVE-2020-10757"]}, {"type": "f5", "idList": ["F5:K53420251"]}, {"type": "fedora", "idList": ["FEDORA:055473124314", "FEDORA:2A755608EC25", "FEDORA:803AE30C6416"]}, {"type": "ibm", "idList": ["D860B85F49895E0D8CF0AC6A066F6902558B044E03F0320678E24399C41C6135", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2020-3220.NASL", "DEBIAN_DLA-1919.NASL", "EULEROS_SA-2020-1807.NASL", "ORACLELINUX_ELSA-2020-3220.NASL", "REDHAT-RHSA-2020-3010.NASL", "REDHAT-RHSA-2020-3016.NASL", "REDHAT-RHSA-2020-3041.NASL", "REDHAT-RHSA-2020-3220.NASL", "REDHAT-RHSA-2020-3221.NASL", "REDHAT-RHSA-2020-3222.NASL", "REDHAT-RHSA-2020-3226.NASL", "UBUNTU_USN-4426-1.NASL", "UBUNTU_USN-4439-1.NASL", "UBUNTU_USN-4440-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852705", "OPENVAS:1361412562310891919"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4808", "ELSA-2019-4820", "ELSA-2020-3220"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0238", "PHSA-2020-2.0-0251", "PHSA-2020-3.0-0102"]}, {"type": "redhat", "idList": ["RHSA-2020:1493"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-10757"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1"]}, {"type": "talos", "idList": ["SAP"]}, {"type": "ubuntu", "idList": ["USN-4426-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-15666", "UB:CVE-2020-10757"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-15666", "epss": "0.000450000", "percentile": "0.120470000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10757", "epss": "0.000440000", "percentile": "0.082150000", "modified": "2023-03-16"}], "vulnersScore": -0.3}, "_state": {"dependencies": 1675607208, "score": 1675607132, "epss": 1678988709}, "_internal": {"score_hash": "6e87c60818fe68e737ffde40aa1d7c47"}, "pluginID": "138298", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1767-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138298);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2019-15666\", \"CVE-2020-10757\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1767-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.121-92_117 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink,\nwhich could have led to denial of service (bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15666/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201767-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac95bf23\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1766=1\nSUSE-SLE-SAP-12-SP2-2020-1767=1 SUSE-SLE-SAP-12-SP2-2020-1768=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1766=1\nSUSE-SLE-SERVER-12-SP2-2020-1767=1 SUSE-SLE-SERVER-12-SP2-2020-1768=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_114-default-10-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_117-default-9-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_120-default-8-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default", "cpe:/o:novell:suse_linux:12"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1766=1 SUSE-SLE-SAP-12-SP2-2020-1767=1 SUSE-SLE-SAP-12-SP2-2020-1768=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1766=1 SUSE-SLE-SERVER-12-SP2-2020-1767=1 SUSE-SLE-SERVER-12-SP2-2020-1768=1", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2020-10757", "vendor_cvss2": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2020-06-25T00:00:00", "vulnerabilityPublicationDate": "2019-08-27T00:00:00", "exploitableWith": []}
{"nessus": [{"lastseen": "2023-02-05T14:21:57", "description": "This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1784-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15666", "CVE-2020-10757"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1784-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138306", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1784-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138306);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2019-15666\", \"CVE-2020-10757\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1784-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink,\nwhich could have led to denial of service (bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15666/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201784-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4276541e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1782=1\nSUSE-SLE-SAP-12-SP3-2020-1783=1 SUSE-SLE-SAP-12-SP3-2020-1784=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1782=1\nSUSE-SLE-SERVER-12-SP3-2020-1783=1 SUSE-SLE-SERVER-12-SP3-2020-1784=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-debuginfo-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-debuginfo-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-10-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-debuginfo-10-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:19:13", "description": "The 5.6.16 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-08T00:00:00", "type": "nessus", "title": "Fedora 32 : kernel (2020-07f0be216f)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757"], "modified": "2020-06-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-07F0BE216F.NASL", "href": "https://www.tenable.com/plugins/nessus/137210", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-07f0be216f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137210);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/24\");\n\n script_cve_id(\"CVE-2020-10757\");\n script_xref(name:\"FEDORA\", value:\"2020-07f0be216f\");\n\n script_name(english:\"Fedora 32 : kernel (2020-07f0be216f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The 5.6.16 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-07f0be216f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-10757\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2020-07f0be216f\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"kernel-5.6.16-300.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:20:08", "description": "The 5.6.16 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "Fedora 31 : kernel (2020-203ffedeb5)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757"], "modified": "2020-06-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-203FFEDEB5.NASL", "href": "https://www.tenable.com/plugins/nessus/137380", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-203ffedeb5.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137380);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/24\");\n\n script_cve_id(\"CVE-2020-10757\");\n script_xref(name:\"FEDORA\", value:\"2020-203ffedeb5\");\n\n script_name(english:\"Fedora 31 : kernel (2020-203ffedeb5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The 5.6.16 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-203ffedeb5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-10757\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2020-203ffedeb5\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"kernel-5.6.16-200.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:45:16", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-06T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2020-2.0-0251", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0251_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/137195", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0251. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137195);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-10757\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2020-2.0-0251\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-251.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-devel-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-docs-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-drivers-gpu-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-oprofile-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-sound-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-devel-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-docs-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-devel-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-docs-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-lkcm-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-sound-4.9.224-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-tools-4.9.224-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:19:38", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-07T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Linux PHSA-2020-3.0-0102", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0102_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/137200", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0102. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137200);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-10757\");\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2020-3.0-0102\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-102.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-devel-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-docs-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-drivers-gpu-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-hmacgen-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-oprofile-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-sound-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-devel-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-docs-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-drivers-sound-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-4.19.124-3.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.19.124-3.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.19.124-3.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-hmacgen-4.19.124-3.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-hmacgen-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-python3-perf-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-devel-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-docs-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-hmacgen-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-lkcm-4.19.124-2.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-tools-4.19.124-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:23:23", "description": "This update for the Linux Kernel 4.4.121-92_129 fixes one issue.\n\nThe following security issue was fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1764-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_125-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_129-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1764-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1764-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138297);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2020-10757\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1764-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.121-92_129 fixes one issue.\n\nThe following security issue was fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172437).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201764-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1eda5ab\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1764=1\nSUSE-SLE-SAP-12-SP2-2020-1765=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1764=1\nSUSE-SLE-SERVER-12-SP2-2020-1765=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_125-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_129-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_125-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_129-default-3-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:48:05", "description": "This update for the Linux Kernel 4.4.180-94_107 fixes one issue.\n\nThe following security issue was fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1781-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_107-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_107-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1781-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138305", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1781-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138305);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2020-10757\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1781-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.180-94_107 fixes one issue.\n\nThe following security issue was fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172437).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201781-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d191c04\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1780=1\nSUSE-SLE-SAP-12-SP3-2020-1781=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1780=1\nSUSE-SLE-SERVER-12-SP3-2020-1781=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_107-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_113-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_107-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_107-default-debuginfo-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_113-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_113-default-debuginfo-5-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:50:53", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3598 advisory.\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-01T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:3598)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-3598.NASL", "href": "https://www.tenable.com/plugins/nessus/140124", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3598. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140124);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-10757\");\n script_xref(name:\"RHSA\", value:\"2020:3598\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:3598)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:3598 advisory.\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-10757');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3598');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.33.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.33.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:21:56", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3226 advisory.\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:3226)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-3226.NASL", "href": "https://www.tenable.com/plugins/nessus/139197", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3226. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139197);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-10757\", \"CVE-2020-12653\", \"CVE-2020-12654\");\n script_xref(name:\"RHSA\", value:\"2020:3226\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:3226)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3226 advisory.\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-10757', 'CVE-2020-12653', 'CVE-2020-12654');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3226');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.58.2.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.58.2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:28:34", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.(CVE-2020-10757)\n\n - A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash.\n This flaw allows a local attacker with user privileges to cause a denial of service(CVE-2020-10769)\n\n - An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.(CVE-2020-13974)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1938)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757", "CVE-2020-10769", "CVE-2020-13974"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1938.NASL", "href": "https://www.tenable.com/plugins/nessus/140159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140159);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10757\",\n \"CVE-2020-10769\",\n \"CVE-2020-13974\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1938)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the way mremap handled DAX Huge\n Pages. This flaw allows a local attacker with access to\n a DAX enabled storage to escalate their privileges on\n the system.(CVE-2020-10757)\n\n - A buffer over-read flaw was found in\n crypto_authenc_extractkeys in crypto/authenc.c in the\n IPsec Cryptographic algorithm's module, authenc. When a\n payload longer than 4 bytes, and is not following\n 4-byte alignment boundary guidelines, it causes a\n buffer over-read threat, leading to a system crash.\n This flaw allows a local attacker with user privileges\n to cause a denial of service(CVE-2020-10769)\n\n - An issue was discovered in the Linux kernel through\n 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row,\n aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a\n security issue in this case.(CVE-2020-13974)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1938\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffe85afa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h460.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h460.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h460.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h460.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h460.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h460.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h460.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:43:46", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14283", "CVE-2019-14821", "CVE-2019-15239", "CVE-2019-15666"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4808.NASL", "href": "https://www.tenable.com/plugins/nessus/129515", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4808.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129515);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-14283\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4808.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.32.1.el6uek', '4.1.12-124.32.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4808');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-05T14:22:25", "description": "This update for the Linux Kernel 4.4.180-94_116 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171252).\n\nCVE-2020-1749: Fixed an issue where some ipv6 protocols were not encrypted over ipsec tunnel (bsc#1165631).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1779-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-1749"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1779-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1779-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138304);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2020-10757\", \"CVE-2020-12653\", \"CVE-2020-12654\", \"CVE-2020-1749\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1779-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.180-94_116 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172437).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have\nallowed local users to gain privileges or cause a denial of service\n(bsc#1171254).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have\nallowed a remote AP to trigger a heap-based buffer overflow\n(bsc#1171252).\n\nCVE-2020-1749: Fixed an issue where some ipv6 protocols were not\nencrypted over ipsec tunnel (bsc#1165631).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-1749/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201779-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80442239\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1779=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1779=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_116-default-2-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_116-default-debuginfo-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:22:24", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3221 advisory.\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-31T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2020:3221)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19527", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2020-3221.NASL", "href": "https://www.tenable.com/plugins/nessus/139200", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3221. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139200);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19527\",\n \"CVE-2020-10757\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3221\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2020:3221)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3221 advisory.\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver\n (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19527', 'CVE-2020-10757', 'CVE-2020-12653', 'CVE-2020-12654');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3221');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1127.18.2.rt56.1116.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1127.18.2.rt56.1116.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:48:02", "description": "Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.\n(CVE-2019-20908) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. (CVE-2020-10757) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-22T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4426-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20908", "CVE-2020-10757", "CVE-2020-11935", "CVE-2020-15780"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4426-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138835", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4426-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138835);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-20908\", \"CVE-2020-10757\", \"CVE-2020-11935\", \"CVE-2020-15780\");\n script_xref(name:\"USN\", value:\"4426-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4426-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jason A. Donenfeld discovered that the ACPI implementation in the\nLinux kernel did not properly restrict loading SSDT code from an EFI\nvariable. A privileged attacker could use this to bypass Secure Boot\nlockdown restrictions and execute arbitrary code in the kernel.\n(CVE-2019-20908) Fan Yang discovered that the mremap implementation in\nthe Linux kernel did not properly handle DAX Huge Pages. A local\nattacker with access to DAX storage could use this to gain\nadministrative privileges. (CVE-2020-10757) Mauricio Faria de Oliveira\ndiscovered that the aufs implementation in the Linux kernel improperly\nmanaged inode reference counts in the vfsub_dentry_open() method. A\nlocal attacker could use this vulnerability to cause a denial of\nservice. (CVE-2020-11935) Jason A. Donenfeld discovered that the ACPI\nimplementation in the Linux kernel did not properly restrict loading\nACPI tables via configfs. A privileged attacker could use this to\nbypass Secure Boot lockdown restrictions and execute arbitrary code in\nthe kernel. (CVE-2020-15780).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4426-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15780\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-20908\", \"CVE-2020-10757\", \"CVE-2020-11935\", \"CVE-2020-15780\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4426-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1050-oracle\", pkgver:\"4.15.0-1050.54~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1079-aws\", pkgver:\"4.15.0-1079.83~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1080-gcp\", pkgver:\"4.15.0-1080.90~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1092-azure\", pkgver:\"4.15.0-1092.102~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-112-generic\", pkgver:\"4.15.0-112.113~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-112-generic-lpae\", pkgver:\"4.15.0-112.113~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-112-lowlatency\", pkgver:\"4.15.0-112.113~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1079.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1080.82\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1080.82\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1050.41\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1050-oracle\", pkgver:\"4.15.0-1050.54\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1066-gke\", pkgver:\"4.15.0-1066.69\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1067-raspi2\", pkgver:\"4.15.0-1067.71\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1071-kvm\", pkgver:\"4.15.0-1071.72\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1079-aws\", pkgver:\"4.15.0-1079.83\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1080-gcp\", pkgver:\"4.15.0-1080.90\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1083-snapdragon\", pkgver:\"4.15.0-1083.91\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1092-azure\", pkgver:\"4.15.0-1092.102\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1093-oem\", pkgver:\"4.15.0-1093.103\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-112-generic\", pkgver:\"4.15.0-112.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-112-generic-lpae\", pkgver:\"4.15.0-112.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-112-lowlatency\", pkgver:\"4.15.0-112.113\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-lts-18.04\", pkgver:\"4.15.0.1079.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp-lts-18.04\", pkgver:\"4.15.0.1080.96\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.112.100\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.112.100\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1066.68\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1066.68\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1071.67\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.112.100\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1093.96\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle-lts-18.04\", pkgver:\"4.15.0.1050.59\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1067.65\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.112.100\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:47:22", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3220 advisory.\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-31T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2020:3220)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19527", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-3220.NASL", "href": "https://www.tenable.com/plugins/nessus/139235", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3220 and\n# CentOS Errata and Security Advisory 2020:3220 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139235);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2019-19527\",\n \"CVE-2020-10757\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3220\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2020:3220)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3220 advisory.\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver\n (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-July/035780.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d164e5e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(119, 120, 122, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-abi-whitelists-3.10.0-1127.18.2.el7', 'release':'CentOS-7'},\n {'reference':'kernel-debug-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-debug-devel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-devel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-headers-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-tools-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-tools-libs-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'perf-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'python-perf-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T20:57:41", "description": "The version of AOS installed on the remote host is prior to 5.18.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.18.0.5 advisory.\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18.0.5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19527", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_18_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/164566", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164566);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-19527\",\n \"CVE-2020-10757\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18.0.5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.18.0.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.18.0.5 advisory.\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.18.0.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f35325f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.18.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.18.0.5 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.18.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.18.0.5 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:48:01", "description": "From Red Hat Security Advisory 2020:3220 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3220 advisory.\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nAs of 2020/10/12 this advisory has been retracted because it apparently does not fix any security problems relevant to already running systems.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-31T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2020-3220) (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19527", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "modified": "2020-10-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-3220.NASL", "href": "https://www.tenable.com/plugins/nessus/139219", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3220 and \n# Oracle Linux Security Advisory ELSA-2020-3220 respectively.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020/10/12. Deprecated because security advisory was retracted\n# as being non-security related.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139219);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/12\");\n\n script_cve_id(\"CVE-2019-19527\", \"CVE-2020-10757\", \"CVE-2020-12653\", \"CVE-2020-12654\");\n script_xref(name:\"RHSA\", value:\"2020:3220\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2020-3220) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:3220 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3220 advisory.\n\n - kernel: use-after-free caused by a malicious USB device\n in the drivers/hid/usbhid/hiddev.c driver\n (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during\n mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv\n function in drivers/net/wireless/marvell/mwifiex/scan.c\n (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in\n mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c\n (CVE-2020-12654)\n\nAs of 2020/10/12 this advisory has been retracted because it\napparently does not fix any security problems relevant to already\nrunning systems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-July/010184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-October/010334.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"n/a.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"As of 2020/10/12 this advisory has been retracted because it apparently does not fix any security problems relevant to already running systems.\");\n\n#if (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1127.18.2.el7\")) flag++;\n#if (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1127.18.2.el7\")) flag++;\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:21:27", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3220 advisory.\n\n - kernel: insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver may allow an unauthenticated user to potentially enable DoS via adjacent access (CVE-2019-0136)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:3220)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0136", "CVE-2019-19527", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-3220.NASL", "href": "https://www.tenable.com/plugins/nessus/139199", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3220. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139199);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19527\",\n \"CVE-2020-10757\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3220\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:3220)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3220 advisory.\n\n - kernel: insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver may allow an\n unauthenticated user to potentially enable DoS via adjacent access (CVE-2019-0136)\n\n - kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver\n (CVE-2019-19527)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027798\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-0136', 'CVE-2019-19527', 'CVE-2020-10757', 'CVE-2020-12653', 'CVE-2020-12654');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3220');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1127.18.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1127.18.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1127.18.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:22:24", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5756 advisory.\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). (CVE-2019-19769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5756)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19769", "CVE-2020-0543", "CVE-2020-10711", "CVE-2020-10757", "CVE-2020-12655", "CVE-2020-12770"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5756.NASL", "href": "https://www.tenable.com/plugins/nessus/138488", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5756.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138488);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-19769\",\n \"CVE-2020-0543\",\n \"CVE-2020-10711\",\n \"CVE-2020-10757\",\n \"CVE-2020-12655\",\n \"CVE-2020-12770\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5756)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5756 advisory.\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into\n the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO\n restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate\n that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer\n dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network\n user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function\n (related to include/trace/events/lock.h). (CVE-2019-19769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5756.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2011.4.4.el7uek', '5.4.17-2011.4.4.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5756');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.4.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.4.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2011.4.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.4.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.4.4.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:46:02", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.\n (CVE-2017-14489)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2021-0140)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14489", "CVE-2019-19527", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12888"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:bpftool", "p-cpe:/a:zte:cgsl_core:kernel", "p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_core:kernel-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debug-devel", "p-cpe:/a:zte:cgsl_core:kernel-debug-modules", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_core:kernel-devel", "p-cpe:/a:zte:cgsl_core:kernel-headers", "p-cpe:/a:zte:cgsl_core:kernel-modules", "p-cpe:/a:zte:cgsl_core:kernel-tools", "p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_core:perf", "p-cpe:/a:zte:cgsl_core:perf-debuginfo", "p-cpe:/a:zte:cgsl_core:python-perf", "p-cpe:/a:zte:cgsl_core:python-perf-debuginfo", "p-cpe:/a:zte:cgsl_main:bpftool", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0140_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/154551", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0140. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154551);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2017-14489\",\n \"CVE-2019-19527\",\n \"CVE-2020-10757\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12888\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2021-0140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows\n local users to cause a denial of service (panic) by leveraging incorrect length validation.\n (CVE-2017-14489)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0140\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2017-14489\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19527\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12888\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-core-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite',\n 'python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.18.242.g9e3f890.lite'\n ],\n 'CGSL MAIN 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062',\n 'python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.249.ge09b062'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:19:55", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4820 advisory.\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4820)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20855", "CVE-2019-10207", "CVE-2019-14283", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15221", "CVE-2019-15666"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-4820.NASL", "href": "https://www.tenable.com/plugins/nessus/129841", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4820.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129841);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2018-20855\",\n \"CVE-2019-10207\",\n \"CVE-2019-14283\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15221\",\n \"CVE-2019-15666\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4820)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4820 advisory.\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in\n drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of\n stack memory to userspace. (CVE-2018-20855)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before\n 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware\n could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a\n malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4820.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.6.6.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4820');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.6.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.6.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.6.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:20:57", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1596-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-10757", "CVE-2020-12114", "CVE-2020-12652", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12656"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1596-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137611", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1596-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137611);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-10757\", \"CVE-2020-12114\", \"CVE-2020-12652\", \"CVE-2020-12653\", \"CVE-2020-12654\", \"CVE-2020-12656\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1596-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to\nhold an incorrect lock during the ioctl operation and trigger a race\ncondition (bsc#1171218).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have\nallowed local users to gain privileges or cause a denial of service\n(bsc#1171195).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have\nallowed a remote AP to trigger a heap-based buffer overflow\n(bsc#1171202).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release\ncalls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have\nallowed local users to cause a denial of service (panic) by corrupting\na mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12656/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201596-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb99ca27\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1596=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1596=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1596=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1596=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1596=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2020-1596=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1596=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-1596=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-1-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-debuginfo-1-4.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.121.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.121.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:19:40", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1597-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0543", "CVE-2020-10757", "CVE-2020-12114", "CVE-2020-12652", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12656"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_135-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1597-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137612", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1597-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137612);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-0543\", \"CVE-2020-10757\", \"CVE-2020-12114\", \"CVE-2020-12652\", \"CVE-2020-12653\", \"CVE-2020-12654\", \"CVE-2020-12656\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1597-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).\n\nCVE-2020-12656: Fixed an improper handling of certain domain_release\ncalls leadingch could have led to a memory leak (bsc#1171219).\n\nCVE-2020-12654: Fixed an issue in he wifi driver which could have\nallowed a remote AP to trigger a heap-based buffer overflow\n(bsc#1171202).\n\nCVE-2020-12653: Fixed an issue in the wifi driver which could have\nallowed local users to gain privileges or cause a denial of service\n(bsc#1171195).\n\nCVE-2020-12652: Fixed an issue which could have allowed local users to\nhold an incorrect lock during the ioctl operation and trigger a race\ncondition (bsc#1171218).\n\nCVE-2020-12114: Fixed A pivot_root race condition which could have\nallowed local users to cause a denial of service (panic) by corrupting\na mountpoint reference counter (bsc#1171098).\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172317).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12656/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201597-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13a87119\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-1597=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1597=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1597=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1597=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2020-1597=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_135-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_135-default-1-3.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.135.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.135.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:47:21", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3041 advisory.\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:3041)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12888"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2020-3041.NASL", "href": "https://www.tenable.com/plugins/nessus/138798", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3041. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138798);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12888\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3041\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:3041)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3041 advisory.\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the\n SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is\n available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the\n PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1836244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845868\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122, 248, 440);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-10757', 'CVE-2020-10766', 'CVE-2020-10767', 'CVE-2020-10768', 'CVE-2020-12653', 'CVE-2020-12654', 'CVE-2020-12888');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3041');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-80.27.1.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.27.1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:34:21", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.\n (CVE-2017-14489)\n\n - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. (CVE-2017-18270)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0008)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14489", "CVE-2017-18270", "CVE-2019-19527", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12888"], "modified": "2022-05-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0008_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/147273", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0008. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147273);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2017-14489\",\n \"CVE-2017-18270\",\n \"CVE-2019-19527\",\n \"CVE-2020-10757\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12888\"\n );\n script_bugtraq_id(101011, 104254);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0008)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows\n local users to cause a denial of service (panic) by leveraging incorrect length validation.\n (CVE-2017-14489)\n\n - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands,\n setting unwanted defaults or causing a denial of service. (CVE-2017-18270)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0008\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.51.865.gdf848d6.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.49.889.g15c87cd'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T12:30:15", "description": "The version of kernel installed on the remote host is prior to 5.4.46-19.75. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-012 advisory.\n\n - relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. (CVE-2019-19462)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will.\n (CVE-2020-12768)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. (CVE-2020-13143)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-012)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19462", "CVE-2020-0543", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10757", "CVE-2020-12768", "CVE-2020-12770", "CVE-2020-13143"], "modified": "2022-06-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-012.NASL", "href": "https://www.tenable.com/plugins/nessus/160435", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-012.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160435);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/07\");\n\n script_cve_id(\n \"CVE-2019-19462\",\n \"CVE-2020-0543\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10757\",\n \"CVE-2020-12768\",\n \"CVE-2020-12770\",\n \"CVE-2020-13143\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-012)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.46-19.75. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-012 advisory.\n\n - relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of\n service (such as relay blockage) by triggering a NULL alloc_percpu result. (CVE-2019-19462)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in\n arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because\n it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will.\n (CVE-2020-12768)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies\n on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to\n trigger an out-of-bounds read, aka CID-15753588bcd4. (CVE-2020-13143)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-19462.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-0543.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10732.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10751.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10757.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-12768.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-12770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-13143.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2019-19462\", \"CVE-2020-0543\", \"CVE-2020-10732\", \"CVE-2020-10751\", \"CVE-2020-10757\", \"CVE-2020-12768\", \"CVE-2020-12770\", \"CVE-2020-13143\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-012\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.46-19.75.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.46-19.75.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.46-19.75.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-07T15:06:21", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1493 advisory.\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via an interrupt (CVE-2019-15031)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)\n\n - kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS (CVE-2019-5108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2020:1493)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14895", "CVE-2019-14901", "CVE-2019-15031", "CVE-2019-15099", "CVE-2019-15666", "CVE-2019-19922", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-5108"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-1493.NASL", "href": "https://www.tenable.com/plugins/nessus/135685", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1493. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135685);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-5108\",\n \"CVE-2019-14895\",\n \"CVE-2019-14901\",\n \"CVE-2019-15031\",\n \"CVE-2019-15099\",\n \"CVE-2019-15666\",\n \"CVE-2019-19922\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1493\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2020:1493)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1493 advisory.\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via an interrupt\n (CVE-2019-15031)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash\n (CVE-2019-15099)\n\n - kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound\n applications (CVE-2019-19922)\n\n - kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)\n\n - kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)\n\n - kernel: triggering AP to send IAPP location updates for stations before the required authentication\n process has completed can lead to DoS (CVE-2019-5108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-5108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1747334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1773519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1792512\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-abi-whitelists package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 122, 200, 400, 440, 772);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-5108', 'CVE-2019-14895', 'CVE-2019-14901', 'CVE-2019-15031', 'CVE-2019-15099', 'CVE-2019-15666', 'CVE-2019-19922', 'CVE-2019-20054', 'CVE-2019-20095');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1493');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-abi-whitelists-4.14.0-115.19.1.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-abi-whitelists');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:23:26", "description": "An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. (CVE-2018-20669)\n\nA flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. (CVE-2020-10768)\n\nA new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\nrelay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. (CVE-2019-19462)\n\nA logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. (CVE-2019-19462)\n\nA flaw was found in the Linux kernel's implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. (CVE-2019-19462)\n\nAn issue was discovered in the Linux kernel through 5.6.11.\nbtree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. (CVE-2020-12771)\n\nA flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. (CVE-2020-10732)\n\nA flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2020-1401)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20669", "CVE-2019-19462", "CVE-2020-0543", "CVE-2020-10732", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-12771"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1401.NASL", "href": "https://www.tenable.com/plugins/nessus/138643", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1401.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138643);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-19462\", \"CVE-2020-0543\", \"CVE-2020-10732\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-12771\");\n script_xref(name:\"ALAS\", value:\"2020-1401\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2020-1401)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An issue where a provided address with access_ok() is not checked was\ndiscovered in i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through\n4.19.13. A local attacker can craft a malicious IOCTL function call to\noverwrite arbitrary kernel memory, resulting in a Denial of Service or\nprivilege escalation. (CVE-2018-20669)\n\nA flaw was found in the prctl() function, where it can be used to\nenable indirect branch speculation after it has been disabled. This\ncall incorrectly reports it as being 'force disabled' when it is not\nand opens the system to Spectre v2 attacks. The highest threat from\nthis vulnerability is to confidentiality. (CVE-2020-10768)\n\nA new domain bypass transient execution attack known as Special\nRegister Buffer Data Sampling (SRBDS) has been found. This flaw allows\ndata values from special internal registers to be leaked by an\nattacker able to execute code on any core of the CPU. An unprivileged,\nlocal attacker can use this flaw to infer values returned by affected\ninstructions known to be commonly used during cryptographic operations\nthat rely on uniqueness, secrecy, or both. Incomplete cleanup from\nspecific special register read operations in some Intel(R) Processors\nmay allow an authenticated user to potentially enable information\ndisclosure via local access. (CVE-2020-0543)\n\nrelay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows\nlocal users to cause a denial of service (such as relay blockage) by\ntriggering a NULL alloc_percpu result. (CVE-2019-19462)\n\nA logic bug flaw was found in the Linux kernel's implementation of\nSSBD. A bug in the logic handling allows an attacker with a local\naccount to disable SSBD protection during a context switch when\nadditional speculative execution mitigations are in place. This issue\nwas introduced when the per task/process conditional STIPB switching\nwas added on top of the existing SSBD switching. The highest threat\nfrom this vulnerability is to confidentiality. (CVE-2019-19462)\n\nA flaw was found in the Linux kernel's implementation of the Enhanced\nIBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be\ndisabled when STIBP is not available or when the Enhanced Indirect\nBranch Restricted Speculation (IBRS) is available. This flaw allows a\nlocal attacker to perform a Spectre V2 style attack when this\nconfiguration is active. The highest threat from this vulnerability is\nto confidentiality. (CVE-2019-19462)\n\nAn issue was discovered in the Linux kernel through 5.6.11.\nbtree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a\ncoalescing operation fails. (CVE-2020-12771)\n\nA flaw was found in the Linux kernel's implementation of Userspace\ncore dumps. This flaw allows an attacker with a local account to crash\na trivial program and exfiltrate private kernel data. (CVE-2020-10732)\n\nA flaw was found in the Linux Kernel in versions after 4.5-rc1 in the\nway mremap handled DAX Huge Pages. This flaw allows a local attacker\nwith access to a DAX enabled storage to escalate their privileges on\nthe system. (CVE-2020-10757)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1401.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.186-110.268.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.186-110.268.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:25:19", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3016 advisory.\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: kvm: Information leak within a KVM guest (CVE-2019-3016)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2020:3016)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19807", "CVE-2019-3016", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12888"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2020-3016.NASL", "href": "https://www.tenable.com/plugins/nessus/138807", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3016. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138807);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-3016\",\n \"CVE-2019-19807\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12888\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3016\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2020:3016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3016 advisory.\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: kvm: Information leak within a KVM guest (CVE-2019-3016)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the\n SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is\n available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the\n PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1792167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1836244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845868\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19807\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122, 200, 248, 362, 416, 440);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-3016', 'CVE-2019-19807', 'CVE-2020-10757', 'CVE-2020-10766', 'CVE-2020-10767', 'CVE-2020-10768', 'CVE-2020-12653', 'CVE-2020-12654', 'CVE-2020-12888');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3016');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.13.2.rt13.65.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:22:26", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3010 advisory.\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: kvm: Information leak within a KVM guest (CVE-2019-3016)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:3010)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19807", "CVE-2019-3016", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12888"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2020-3010.NASL", "href": "https://www.tenable.com/plugins/nessus/138805", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3010. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138805);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-3016\",\n \"CVE-2019-19807\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12888\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3010\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:3010)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3010 advisory.\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: kvm: Information leak within a KVM guest (CVE-2019-3016)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the\n SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is\n available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the\n PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1792167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1836244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845868\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19807\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122, 200, 248, 362, 416, 440);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-3016', 'CVE-2019-19807', 'CVE-2020-10757', 'CVE-2020-10766', 'CVE-2020-10767', 'CVE-2020-10768', 'CVE-2020-12653', 'CVE-2020-12654', 'CVE-2020-12888');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3010');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.13.2.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.13.2.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.13.2.el8_2', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.13.2.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.13.2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.13.2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.13.2.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.13.2.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.13.2.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.13.2.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.13.2.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.13.2.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T14:17:28", "description": "An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. (CVE-2018-20669)\n\nA flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. (CVE-2020-10768)\n\nrelay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. (CVE-2019-19462)\n\nA logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. (CVE-2020-10766)\n\nA flaw was found in the Linux kernel's implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. ( CVE-2020-10767)\n\nAn issue was discovered in the Linux kernel through 5.6.11.\nbtree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. (CVE-2020-12771)\n\nA flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. (CVE-2020-10732)\n\nA flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2020-1465)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20669", "CVE-2019-19462", "CVE-2020-0543", "CVE-2020-10732", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-12771"], "modified": "2023-02-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.186-146.268", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1465.NASL", "href": "https://www.tenable.com/plugins/nessus/138854", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1465.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138854);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/20\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-19462\",\n \"CVE-2020-0543\",\n \"CVE-2020-10732\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-12771\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1465\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1465)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An issue where a provided address with access_ok() is not checked was\ndiscovered in i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through\n4.19.13. A local attacker can craft a malicious IOCTL function call to\noverwrite arbitrary kernel memory, resulting in a Denial of Service or\nprivilege escalation. (CVE-2018-20669)\n\nA flaw was found in the prctl() function, where it can be used to\nenable indirect branch speculation after it has been disabled. This\ncall incorrectly reports it as being 'force disabled' when it is not\nand opens the system to Spectre v2 attacks. The highest threat from\nthis vulnerability is to confidentiality. (CVE-2020-10768)\n\nrelay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows\nlocal users to cause a denial of service (such as relay blockage) by\ntriggering a NULL alloc_percpu result. (CVE-2019-19462)\n\nA logic bug flaw was found in the Linux kernel's implementation of\nSSBD. A bug in the logic handling allows an attacker with a local\naccount to disable SSBD protection during a context switch when\nadditional speculative execution mitigations are in place. This issue\nwas introduced when the per task/process conditional STIPB switching\nwas added on top of the existing SSBD switching. The highest threat\nfrom this vulnerability is to confidentiality. (CVE-2020-10766)\n\nA flaw was found in the Linux kernel's implementation of the Enhanced\nIBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be\ndisabled when STIBP is not available or when the Enhanced Indirect\nBranch Restricted Speculation (IBRS) is available. This flaw allows a\nlocal attacker to perform a Spectre V2 style attack when this\nconfiguration is active. The highest threat from this vulnerability is\nto confidentiality. ( CVE-2020-10767)\n\nAn issue was discovered in the Linux kernel through 5.6.11.\nbtree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a\ncoalescing operation fails. (CVE-2020-12771)\n\nA flaw was found in the Linux kernel's implementation of Userspace\ncore dumps. This flaw allows an attacker with a local account to crash\na trivial program and exfiltrate private kernel data. (CVE-2020-10732)\n\nA flaw was found in the Linux Kernel in versions after 4.5-rc1 in the\nway mremap handled DAX Huge Pages. This flaw allows a local attacker\nwith access to a DAX enabled storage to escalate their privileges on\nthe system. (CVE-2020-10757)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1465.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-20669.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-19462.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-0543.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10732.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10757.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10766.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10767.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10768.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-12771.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20669\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10757\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.186-146.268\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2018-20669\", \"CVE-2019-19462\", \"CVE-2020-0543\", \"CVE-2020-10732\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-12771\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1465\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.186-146.268.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.186-146.268-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.186-146.268.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.186-146.268.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:23:25", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3222 advisory.\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\n - kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:3222)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19807", "CVE-2019-20908", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12888", "CVE-2020-15780"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2020-3222.NASL", "href": "https://www.tenable.com/plugins/nessus/139187", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3222. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139187);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19807\",\n \"CVE-2019-20908\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12888\",\n \"CVE-2020-15780\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3222\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:3222)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3222 advisory.\n\n - kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n - kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)\n\n - kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n - kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the\n SSBD protection. (CVE-2020-10766)\n\n - kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is\n available. (CVE-2020-10767)\n\n - kernel: Indirect branch speculation can be enabled after it was force-disabled by the\n PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)\n\n - kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in\n drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n - kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in\n drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\n - kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1831868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1836244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852962\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12653\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 120, 122, 248, 284, 416, 440);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19807', 'CVE-2019-20908', 'CVE-2020-10757', 'CVE-2020-10766', 'CVE-2020-10767', 'CVE-2020-10768', 'CVE-2020-12653', 'CVE-2020-12654', 'CVE-2020-12888', 'CVE-2020-15780');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3222');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.24.2.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.24.2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:21:57", "description": "It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash).\n(CVE-2019-19462) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.\n(CVE-2019-20908) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable indirect branch speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact.\n(CVE-2020-13974) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-28T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16089", "CVE-2019-19462", "CVE-2019-20810", "CVE-2019-20908", "CVE-2020-10732", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-11935", "CVE-2020-13974", "CVE-2020-15780"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.3", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4440-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139028", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4440-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139028);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-16089\", \"CVE-2019-19462\", \"CVE-2019-20810\", \"CVE-2019-20908\", \"CVE-2020-10732\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-11935\", \"CVE-2020-13974\", \"CVE-2020-15780\");\n script_xref(name:\"USN\", value:\"4440-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the network block device (nbd) implementation\nin the Linux kernel did not properly check for error conditions in\nsome situations. An attacker could possibly use this to cause a denial\nof service (system crash). (CVE-2019-16089) It was discovered that the\nkernel->user space relay implementation in the Linux kernel did not\nproperly check return values in some situations. A local attacker\ncould possibly use this to cause a denial of service (system crash).\n(CVE-2019-19462) Chuhong Yuan discovered that go7007 USB audio device\ndriver in the Linux kernel did not properly deallocate memory in some\nfailure conditions. A physically proximate attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2019-20810) Jason\nA. Donenfeld discovered that the ACPI implementation in the Linux\nkernel did not properly restrict loading SSDT code from an EFI\nvariable. A privileged attacker could use this to bypass Secure Boot\nlockdown restrictions and execute arbitrary code in the kernel.\n(CVE-2019-20908) It was discovered that the elf handling code in the\nLinux kernel did not initialize memory before using it in certain\nsituations. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2020-10732) Fan Yang\ndiscovered that the mremap implementation in the Linux kernel did not\nproperly handle DAX Huge Pages. A local attacker with access to DAX\nstorage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not\ncorrectly apply Speculative Store Bypass Disable (SSBD) mitigations in\ncertain situations. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10766) It was discovered that the\nLinux kernel did not correctly apply Indirect Branch Predictor Barrier\n(IBPB) mitigations in certain situations. A local attacker could\npossibly use this to expose sensitive information. (CVE-2020-10767) It\nwas discovered that the Linux kernel could incorrectly enable indirect\nbranch speculation after it has been disabled for a process via a\nprctl() call. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira\ndiscovered that the aufs implementation in the Linux kernel improperly\nmanaged inode reference counts in the vfsub_dentry_open() method. A\nlocal attacker could use this vulnerability to cause a denial of\nservice. (CVE-2020-11935) It was discovered that the Virtual Terminal\nkeyboard driver in the Linux kernel contained an integer overflow. A\nlocal attacker could possibly use this to have an unspecified impact.\n(CVE-2020-13974) Jason A. Donenfeld discovered that the ACPI\nimplementation in the Linux kernel did not properly restrict loading\nACPI tables via configfs. A privileged attacker could use this to\nbypass Secure Boot lockdown restrictions and execute arbitrary code in\nthe kernel. (CVE-2020-15780).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4440-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15780\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-16089\", \"CVE-2019-19462\", \"CVE-2019-20810\", \"CVE-2019-20908\", \"CVE-2020-10732\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-11935\", \"CVE-2020-13974\", \"CVE-2020-15780\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4440-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1030-oracle\", pkgver:\"5.3.0-1030.32~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1030-raspi2\", pkgver:\"5.3.0-1030.32~18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1032-aws\", pkgver:\"5.3.0-1032.34~18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1032-gcp\", pkgver:\"5.3.0-1032.34~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1032-gke\", pkgver:\"5.3.0-1032.34~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1034-azure\", pkgver:\"5.3.0-1034.35~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-64-generic\", pkgver:\"5.3.0-64.58~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-64-generic-lpae\", pkgver:\"5.3.0-64.58~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-64-lowlatency\", pkgver:\"5.3.0-64.58~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"5.3.0.1034.30\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.3.0.1032.26\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.3\", pkgver:\"5.3.0.1032.17\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gkeop-5.3\", pkgver:\"5.3.0.64.120\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"5.3.0.1030.27\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.3-aws / linux-image-5.3-azure / linux-image-5.3-gcp / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:19:39", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled. This could lead to disclosure of sensitive information within a guest VM.\n\n - CVE-2019-19462 The syzkaller tool found a missing error check in the 'relay' library used to implement various files under debugfs. A local user permitted to access debugfs could use this to cause a denial of service (crash) or possibly for privilege escalation.\n\n - CVE-2020-0543 Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU.\n Depending on how these instructions are used by applications, a local user or VM guest could use this to obtain sensitive information such as cryptographic keys from other users or VMs.\n\n This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode package in Debian's non-free archive section. This kernel update only provides reporting of the vulnerability and the option to disable the mitigation if it is not needed.\n\n - CVE-2020-10711 Matthew Sheets reported NULL pointer dereference issues in the SELinux subsystem while receiving CIPSO packet with null category. A remote attacker can take advantage of this flaw to cause a denial of service (crash). Note that this issue does not affect the binary packages distributed in Debian as CONFIG_NETLABEL is not enabled.\n\n - CVE-2020-10732 An information leak of kernel private memory to userspace was found in the kernel's implementation of core dumping userspace processes.\n\n - CVE-2020-10751 Dmitry Vyukov reported that the SELinux subsystem did not properly handle validating multiple messages, which could allow a privileged attacker to bypass SELinux netlink restrictions.\n\n - CVE-2020-10757 Fan Yang reported a flaw in the way mremap handled DAX hugepages, allowing a local user to escalate their privileges.\n\n - CVE-2020-12114 Piotr Krysiuk discovered a race condition between the umount and pivot_root operations in the filesystem core (vfs). A local user with the CAP_SYS_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\n - CVE-2020-12464 Kyungtae Kim reported a race condition in the USB core that can result in a use-after-free. It is not clear how this can be exploited, but it could result in a denial of service (crash or memory corruption) or privilege escalation.\n\n - CVE-2020-12768 A bug was discovered in the KVM implementation for AMD processors, which could result in a memory leak. The security impact of this is unclear.\n\n - CVE-2020-12770 It was discovered that the sg (SCSI generic) driver did not correctly release internal resources in a particular error case. A local user permitted to access an sg device could possibly use this to cause a denial of service (resource exhaustion).\n\n - CVE-2020-13143 Kyungtae Kim reported a potential heap out-of-bounds write in the USB gadget subsystem. A local user permitted to write to the gadget configuration filesystem could use this to cause a denial of service (crash or memory corruption) or potentially for privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-11T00:00:00", "type": "nessus", "title": "Debian DSA-4699-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19462", "CVE-2019-3016", "CVE-2020-0543", "CVE-2020-10711", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10757", "CVE-2020-12114", "CVE-2020-12464", "CVE-2020-12768", "CVE-2020-12770", "CVE-2020-13143"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4699.NASL", "href": "https://www.tenable.com/plugins/nessus/137341", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4699. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137341);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2019-19462\", \"CVE-2019-3016\", \"CVE-2020-0543\", \"CVE-2020-10711\", \"CVE-2020-10732\", \"CVE-2020-10751\", \"CVE-2020-10757\", \"CVE-2020-12114\", \"CVE-2020-12464\", \"CVE-2020-12768\", \"CVE-2020-12770\", \"CVE-2020-13143\");\n script_xref(name:\"DSA\", value:\"4699\");\n\n script_name(english:\"Debian DSA-4699-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2019-3016\n It was discovered that the KVM implementation for x86\n did not always perform TLB flushes when needed, if the\n paravirtualised TLB flush feature was enabled. This\n could lead to disclosure of sensitive information within\n a guest VM.\n\n - CVE-2019-19462\n The syzkaller tool found a missing error check in the\n 'relay' library used to implement various files under\n debugfs. A local user permitted to access debugfs could\n use this to cause a denial of service (crash) or\n possibly for privilege escalation.\n\n - CVE-2020-0543\n Researchers at VU Amsterdam discovered that on some\n Intel CPUs supporting the RDRAND and RDSEED\n instructions, part of a random value generated by these\n instructions may be used in a later speculative\n execution on any core of the same physical CPU.\n Depending on how these instructions are used by\n applications, a local user or VM guest could use this to\n obtain sensitive information such as cryptographic keys\n from other users or VMs.\n\n This vulnerability can be mitigated by a microcode update, either as\n part of system firmware (BIOS) or through the intel-microcode\n package in Debian's non-free archive section. This kernel update\n only provides reporting of the vulnerability and the option to\n disable the mitigation if it is not needed.\n\n - CVE-2020-10711\n Matthew Sheets reported NULL pointer dereference issues\n in the SELinux subsystem while receiving CIPSO packet\n with null category. A remote attacker can take advantage\n of this flaw to cause a denial of service (crash). Note\n that this issue does not affect the binary packages\n distributed in Debian as CONFIG_NETLABEL is not enabled.\n\n - CVE-2020-10732\n An information leak of kernel private memory to\n userspace was found in the kernel's implementation of\n core dumping userspace processes.\n\n - CVE-2020-10751\n Dmitry Vyukov reported that the SELinux subsystem did\n not properly handle validating multiple messages, which\n could allow a privileged attacker to bypass SELinux\n netlink restrictions.\n\n - CVE-2020-10757\n Fan Yang reported a flaw in the way mremap handled DAX\n hugepages, allowing a local user to escalate their\n privileges.\n\n - CVE-2020-12114\n Piotr Krysiuk discovered a race condition between the\n umount and pivot_root operations in the filesystem core\n (vfs). A local user with the CAP_SYS_ADMIN capability in\n any user namespace could use this to cause a denial of\n service (crash).\n\n - CVE-2020-12464\n Kyungtae Kim reported a race condition in the USB core\n that can result in a use-after-free. It is not clear how\n this can be exploited, but it could result in a denial\n of service (crash or memory corruption) or privilege\n escalation.\n\n - CVE-2020-12768\n A bug was discovered in the KVM implementation for AMD\n processors, which could result in a memory leak. The\n security impact of this is unclear.\n\n - CVE-2020-12770\n It was discovered that the sg (SCSI generic) driver did\n not correctly release internal resources in a particular\n error case. A local user permitted to access an sg\n device could possibly use this to cause a denial of\n service (resource exhaustion).\n\n - CVE-2020-13143\n Kyungtae Kim reported a potential heap out-of-bounds\n write in the USB gadget subsystem. A local user\n permitted to write to the gadget configuration\n filesystem could use this to cause a denial of service\n (crash or memory corruption) or potentially for\n privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-3016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-19462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-0543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-13143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4699\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.19.118-2+deb10u1. This version also fixes some related\nbugs that do not have their own CVE IDs, and a regression in the\n<linux/swab.h> UAPI header introduced in the previous point release\n(bug #960271).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12464\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-extra-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"efi-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fancontrol-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hyperv-daemons\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hypervisor-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ipv6-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jffs2-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf-dev\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf4.19\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower-dev\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower1\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep-dev\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep4.19\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-arm\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-s390\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-x86\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-config-4.19\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-cpupower\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-4kc-malta\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-5kc-malta\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686-pae\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-amd64\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-arm64\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armel\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armhf\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-i386\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips64el\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mipsel\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-ppc64el\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-s390x\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-amd64\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-arm64\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp-lpae\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-cloud-amd64\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common-rt\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-loongson-3\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-marvell\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-octeon\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-powerpc64le\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rpi\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-686-pae\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-amd64\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-arm64\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-armmp\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-s390x\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-unsigned\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x-dbg\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-amd64-signed-template\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-arm64-signed-template\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-i386-signed-template\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-libc-dev\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-source-4.19\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-support-4.19.0-5\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lockdep\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"rtc-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"speakup-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usbip\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-armmp-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-marvell-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-octeon-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-s390x-di\", reference:\"4.19.118-2+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-14T14:59:05", "description": "Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2020-10781) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion).\n(CVE-2020-12656).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-02T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 : Linux kernel vulnerabilities (USN-4483-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20810", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-12656", "CVE-2020-12771", "CVE-2020-13974", "CVE-2020-14356", "CVE-2020-15393", "CVE-2020-24394"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4483-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140181", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4483-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140181);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-20810\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-10781\", \"CVE-2020-12655\", \"CVE-2020-12656\", \"CVE-2020-12771\", \"CVE-2020-13974\", \"CVE-2020-14356\", \"CVE-2020-15393\", \"CVE-2020-24394\");\n script_xref(name:\"USN\", value:\"4483-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 : Linux kernel vulnerabilities (USN-4483-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chuhong Yuan discovered that go7007 USB audio device driver in the\nLinux kernel did not properly deallocate memory in some failure\nconditions. A physically proximate attacker could use this to cause a\ndenial of service (memory exhaustion). (CVE-2019-20810) Fan Yang\ndiscovered that the mremap implementation in the Linux kernel did not\nproperly handle DAX Huge Pages. A local attacker with access to DAX\nstorage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not\ncorrectly apply Speculative Store Bypass Disable (SSBD) mitigations in\ncertain situations. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10766) It was discovered that the\nLinux kernel did not correctly apply Indirect Branch Predictor Barrier\n(IBPB) mitigations in certain situations. A local attacker could\npossibly use this to expose sensitive information. (CVE-2020-10767) It\nwas discovered that the Linux kernel could incorrectly enable Indirect\nBranch Speculation after it has been disabled for a process via a\nprctl() call. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10768) Luca Bruno discovered that the\nzram module in the Linux kernel did not properly restrict unprivileged\nusers from accessing the hot_add sysfs file. A local attacker could\nuse this to cause a denial of service (memory exhaustion).\n(CVE-2020-10781) It was discovered that the XFS file system\nimplementation in the Linux kernel did not properly validate meta data\nin some circumstances. An attacker could use this to construct a\nmalicious XFS image that, when mounted, could cause a denial of\nservice. (CVE-2020-12655) It was discovered that the bcache subsystem\nin the Linux kernel did not properly release a lock in some error\nconditions. A local attacker could possibly use this to cause a denial\nof service. (CVE-2020-12771) It was discovered that the Virtual\nTerminal keyboard driver in the Linux kernel contained an integer\noverflow. A local attacker could possibly use this to have an\nunspecified impact. (CVE-2020-13974) It was discovered that the cgroup\nv2 subsystem in the Linux kernel did not properly perform reference\ncounting in some situations, leading to a NULL pointer dereference. A\nlocal attacker could use this to cause a denial of service or possibly\ngain administrative privileges. (CVE-2020-14356) Kyungtae Kim\ndiscovered that the USB testing driver in the Linux kernel did not\nproperly deallocate memory on disconnect events. A physically\nproximate attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2020-15393) It was discovered that the NFS server\nimplementation in the Linux kernel did not properly honor umask\nsettings when setting permissions while creating file system objects\nif the underlying file system did not support ACLs. An attacker could\npossibly use this to expose sensitive information or violate system\nintegrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC\nGSS implementation in the Linux kernel did not properly deallocate\nmemory on module unload. A local privileged attacker could possibly\nuse this to cause a denial of service (memory exhaustion).\n(CVE-2020-12656).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4483-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14356\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-20810\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-10781\", \"CVE-2020-12655\", \"CVE-2020-12656\", \"CVE-2020-12771\", \"CVE-2020-13974\", \"CVE-2020-14356\", \"CVE-2020-15393\", \"CVE-2020-24394\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4483-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-1016-raspi\", pkgver:\"5.4.0-1016.17~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-1022-aws\", pkgver:\"5.4.0-1022.22~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-1022-gcp\", pkgver:\"5.4.0-1022.22~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-1022-oracle\", pkgver:\"5.4.0-1022.22~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-1023-azure\", pkgver:\"5.4.0-1023.23~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-45-generic\", pkgver:\"5.4.0-45.49~18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-45-generic-lpae\", pkgver:\"5.4.0-45.49~18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.4.0-45-lowlatency\", pkgver:\"5.4.0-45.49~18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-edge\", pkgver:\"5.4.0.1022.8\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"5.4.0.1023.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.4.0.1022.9\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.4\", pkgver:\"5.4.0.1022.9\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"5.4.0.1022.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi-hwe-18.04\", pkgver:\"5.4.0.1016.20\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1016-raspi\", pkgver:\"5.4.0-1016.17\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1022-aws\", pkgver:\"5.4.0-1022.22\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1022-gcp\", pkgver:\"5.4.0-1022.22\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1022-oracle\", pkgver:\"5.4.0-1022.22\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-1023-azure\", pkgver:\"5.4.0-1023.23\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-45-generic\", pkgver:\"5.4.0-45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-45-generic-lpae\", pkgver:\"5.4.0-45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-5.4.0-45-lowlatency\", pkgver:\"5.4.0-45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-aws\", pkgver:\"5.4.0.1022.23\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-azure\", pkgver:\"5.4.0.1023.22\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.4.0.1022.20\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-generic\", pkgver:\"5.4.0.45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.4.0.45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-gke\", pkgver:\"5.4.0.1022.20\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.4.0.1021.20\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.4.0.45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-oem\", pkgver:\"5.4.0.45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-oem-osp1\", pkgver:\"5.4.0.45.49\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-oracle\", pkgver:\"5.4.0.1022.20\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-raspi\", pkgver:\"5.4.0.1016.51\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.4.0.1016.51\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.4.0.45.49\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.4-aws / linux-image-5.4-azure / linux-image-5.4-gcp / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-26T02:44:36", "description": "The version of AOS installed on the remote host is prior to 5.18.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.18.1 advisory.\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. (CVE-2020-11022)\n\n - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n (CVE-2020-11023)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14556)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14577)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14578, CVE-2020-14579)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-14621)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18.1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19527", "CVE-2020-10757", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-14556", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14583", "CVE-2020-14593", "CVE-2020-14621"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:2.3:o:nutanix:aos:*:*:*:*:*:*:*:*"], "id": "NUTANIX_NXSA-AOS-5_18_1.NASL", "href": "https://www.tenable.com/plugins/nessus/164569", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164569);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-19527\",\n \"CVE-2020-10757\",\n \"CVE-2020-11022\",\n \"CVE-2020-11023\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-14556\",\n \"CVE-2020-14577\",\n \"CVE-2020-14578\",\n \"CVE-2020-14579\",\n \"CVE-2020-14583\",\n \"CVE-2020-14593\",\n \"CVE-2020-14621\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.18.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.18.1 advisory.\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources -\n even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and\n others) may execute untrusted code. This problem is patched in jQuery 3.5.0. (CVE-2020-11022)\n\n - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>\n elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods\n (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\n (CVE-2020-11023)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as\n unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client\n and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14556)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-14577)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and\n server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14578, CVE-2020-14579)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in takeover\n of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability\n does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code\n installed by an administrator). (CVE-2020-14583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in unauthorized creation,\n deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2020-14593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability can only be exploited by supplying data to APIs in the specified Component without using\n Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-14621)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.18.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d34b03a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19527\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14583\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.18.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.18.1 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.18.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.18.1 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T14:46:21", "description": "It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19036) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations.\nA local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable indirect branch speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact.\n(CVE-2020-13974) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) Jason A.\nDonenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.\n(CVE-2020-15780).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-28T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12380", "CVE-2019-16089", "CVE-2019-19036", "CVE-2019-19462", "CVE-2019-20810", "CVE-2019-20908", "CVE-2020-10732", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-11935", "CVE-2020-13974", "CVE-2020-15780"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4439-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139027", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4439-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139027);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-12380\", \"CVE-2019-16089\", \"CVE-2019-19036\", \"CVE-2019-19462\", \"CVE-2019-20810\", \"CVE-2019-20908\", \"CVE-2020-10732\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-11935\", \"CVE-2020-13974\", \"CVE-2020-15780\");\n script_xref(name:\"USN\", value:\"4439-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the network block device (nbd) implementation\nin the Linux kernel did not properly check for error conditions in\nsome situations. An attacker could possibly use this to cause a denial\nof service (system crash). (CVE-2019-16089) It was discovered that the\nbtrfs file system implementation in the Linux kernel did not properly\nvalidate file system metadata in some situations. An attacker could\nuse this to construct a malicious btrfs image that, when mounted,\ncould cause a denial of service (system crash). (CVE-2019-19036) It\nwas discovered that the kernel->user space relay implementation in the\nLinux kernel did not properly check return values in some situations.\nA local attacker could possibly use this to cause a denial of service\n(system crash). (CVE-2019-19462) Chuhong Yuan discovered that go7007\nUSB audio device driver in the Linux kernel did not properly\ndeallocate memory in some failure conditions. A physically proximate\nattacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-20810) It was discovered that the elf handling\ncode in the Linux kernel did not initialize memory before using it in\ncertain situations. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2020-10732) Fan Yang\ndiscovered that the mremap implementation in the Linux kernel did not\nproperly handle DAX Huge Pages. A local attacker with access to DAX\nstorage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not\ncorrectly apply Speculative Store Bypass Disable (SSBD) mitigations in\ncertain situations. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10766) It was discovered that the\nLinux kernel did not correctly apply Indirect Branch Predictor Barrier\n(IBPB) mitigations in certain situations. A local attacker could\npossibly use this to expose sensitive information. (CVE-2020-10767) It\nwas discovered that the Linux kernel could incorrectly enable indirect\nbranch speculation after it has been disabled for a process via a\nprctl() call. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira\ndiscovered that the aufs implementation in the Linux kernel improperly\nmanaged inode reference counts in the vfsub_dentry_open() method. A\nlocal attacker could use this vulnerability to cause a denial of\nservice. (CVE-2020-11935) It was discovered that the Virtual Terminal\nkeyboard driver in the Linux kernel contained an integer overflow. A\nlocal attacker could possibly use this to have an unspecified impact.\n(CVE-2020-13974) It was discovered that the efi subsystem in the Linux\nkernel did not handle memory allocation failures during early boot in\nsome situations. A local attacker could possibly use this to cause a\ndenial of service (system crash). (CVE-2019-12380) Jason A. Donenfeld\ndiscovered that the ACPI implementation in the Linux kernel did not\nproperly restrict loading SSDT code from an EFI variable. A privileged\nattacker could use this to bypass Secure Boot lockdown restrictions\nand execute arbitrary code in the kernel. (CVE-2019-20908) Jason A.\nDonenfeld discovered that the ACPI implementation in the Linux kernel\ndid not properly restrict loading ACPI tables via configfs. A\nprivileged attacker could use this to bypass Secure Boot lockdown\nrestrictions and execute arbitrary code in the kernel.\n(CVE-2020-15780).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4439-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15780\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-12380\", \"CVE-2019-16089\", \"CVE-2019-19036\", \"CVE-2019-19462\", \"CVE-2019-20810\", \"CVE-2019-20908\", \"CVE-2020-10732\", \"CVE-2020-10757\", \"CVE-2020-10766\", \"CVE-2020-10767\", \"CVE-2020-10768\", \"CVE-2020-11935\", \"CVE-2020-13974\", \"CVE-2020-15780\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4439-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1045-gke\", pkgver:\"5.0.0-1045.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1065-oem-osp1\", pkgver:\"5.0.0-1065.70\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.0\", pkgver:\"5.0.0.1045.30\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem-osp1\", pkgver:\"5.0.0.1065.63\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-gke / linux-image-5.0-oem-osp1 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-11T15:46:04", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nThis updated advisory text mentions the additional non-security changes and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi connectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the 'KNOB attack'. An attacker that is nearby during pairing could use this to weaken the encryption used between the paired devices, and then to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum encryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility could be used to cause integer overflow in page reference counts, leading to a use-after-free. On a system with sufficient physical memory, a local user permitted to create arbitrary FUSE mounts could use this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE filesystems through fusermount, which limits the number of mounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work correctly if more than one device is bound to it. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that USB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the sisusbvga driver could lead to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB devices' maximum packet sizes, which could lead to a heap buffer overrun. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk protocol implementation, which could lead to a use-after-free. The security impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp command failed due to a disk quota. A local user on a system using XFS and disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network transformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace) could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did not correctly handle failure to discover devices beyond a SAS expander. This could lead to a resource leak and crash (BUG). The security impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet driver, which could lead to a NULL pointer dereference and crash (BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate traffic class numbers in received control packets, leading to out-of-bounds memory accesses. A nearby attacker on the same wifi network could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.189-3. This version also includes a fix for Debian bug #930904, and other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9 packages. You will need to use 'apt-get upgrade --with-new-pkgs' or 'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "Debian DLA-1919-2 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0136", "CVE-2019-11487", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-9506"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1919.NASL", "href": "https://www.tenable.com/plugins/nessus/128779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1919-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128779);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-0136\", \"CVE-2019-11487\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-15538\", \"CVE-2019-15666\", \"CVE-2019-15807\", \"CVE-2019-15924\", \"CVE-2019-15926\", \"CVE-2019-9506\");\n\n script_name(english:\"Debian DLA-1919-2 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nThis updated advisory text mentions the additional non-security\nchanges and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did\nnot properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi\nconnectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen\ndiscovered a weakness in the Bluetooth pairing protocols, dubbed the\n'KNOB attack'. An attacker that is nearby during pairing could use\nthis to weaken the encryption used between the paired devices, and\nthen to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum\nencryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility\ncould be used to cause integer overflow in page reference counts,\nleading to a use-after-free. On a system with sufficient physical\nmemory, a local user permitted to create arbitrary FUSE mounts could\nuse this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE\nfilesystems through fusermount, which limits the number of\nmounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could\nlead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work\ncorrectly if more than one device is bound to it. An attacker able to\nadd USB devices could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a\nuse-after-free. An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a\nuse-after-free. An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that\nUSB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use\nthis to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the\nsisusbvga driver could lead to a NULL pointer dereference. An attacker\nable to add USB devices could use this to cause a denial of service\n(BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which\ncould lead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB\ndevices' maximum packet sizes, which could lead to a heap buffer\noverrun. An attacker able to add USB devices could use this to cause a\ndenial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk\nprotocol implementation, which could lead to a use-after-free. The\nsecurity impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp\ncommand failed due to a disk quota. A local user on a system using XFS\nand disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network\ntransformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace)\ncould use this to cause a denial of service (memory corruption or\ncrash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did\nnot correctly handle failure to discover devices beyond a SAS\nexpander. This could lead to a resource leak and crash (BUG). The\nsecurity impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet\ndriver, which could lead to a NULL pointer dereference and crash\n(BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate\ntraffic class numbers in received control packets, leading to\nout-of-bounds memory accesses. A nearby attacker on the same wifi\nnetwork could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.189-3. This version also includes a fix for Debian bug #930904,\nand other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9\npackages. You will need to use 'apt-get upgrade --with-new-pkgs' or\n'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.189-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:24:33", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932(CVE-2020-0009)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.(CVE-2020-10757)\n\n - go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.(CVE-2019-20810)\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9445)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751)\n\n - An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.(CVE-2019-20812)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.(CVE-2020-13974)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.(CVE-2019-20811)\n\n - A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10768)\n\n - A flaw was found in the Linux kernel's implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10767)\n\n - A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10766)\n\n - A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.(CVE-2020-0543)\n\n - In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.(CVE-2020-14416)\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.(CVE-2019-18282)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.(CVE-2020-12888)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.(CVE-2020-15393)\n\n - A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CVE-2020-10781)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18282", "CVE-2019-20810", "CVE-2019-20811", "CVE-2019-20812", "CVE-2019-9445", "CVE-2020-0009", "CVE-2020-0543", "CVE-2020-10751", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12888", "CVE-2020-13974", "CVE-2020-14416", "CVE-2020-15393"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1892.NASL", "href": "https://www.tenable.com/plugins/nessus/139995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139995);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18282\",\n \"CVE-2019-20810\",\n \"CVE-2019-20811\",\n \"CVE-2019-20812\",\n \"CVE-2019-9445\",\n \"CVE-2020-0009\",\n \"CVE-2020-0543\",\n \"CVE-2020-10751\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-10781\",\n \"CVE-2020-12888\",\n \"CVE-2020-13974\",\n \"CVE-2020-14416\",\n \"CVE-2020-15393\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In calc_vm_may_flags of ashmem.c, there is a possible\n arbitrary write to shared memory due to a permissions\n bypass. This could lead to local escalation of\n privilege by corrupting memory shared between\n processes, with no additional execution privileges\n needed. User interaction is not needed for\n exploitation. Product: Android Versions: Android kernel\n Android ID: A-142938932(CVE-2020-0009)\n\n - A flaw was found in the Linux Kernel in versions after\n 4.5-rc1 in the way mremap handled DAX Huge Pages. This\n flaw allows a local attacker with access to a DAX\n enabled storage to escalate their privileges on the\n system.(CVE-2020-10757)\n\n - go7007_snd_init in\n drivers/media/usb/go7007/snd-go7007.c in the Linux\n kernel before 5.6 does not call snd_card_free for a\n failure path, which causes a memory leak, aka\n CID-9453264ef586.(CVE-2019-20810)\n\n - In the Android kernel in F2FS driver there is a\n possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure\n with system execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9445)\n\n - A flaw was found in the Linux kernels SELinux LSM hook\n implementation before version 5.7, where it incorrectly\n assumed that an skb would only contain a single netlink\n message. The hook would incorrectly only validate the\n first netlink message in the skb and allow or deny the\n rest of the messages within the skb with the granted\n permission without further processing.(CVE-2020-10751)\n\n - An issue was discovered in the Linux kernel before\n 5.4.7. The prb_calc_retire_blk_tmo() function in\n net/packet/af_packet.c can result in a denial of\n service (CPU consumption and soft lockup) in a certain\n failure case involving TPACKET_V3, aka\n CID-b43d1f9f7067.(CVE-2019-20812)\n\n - ** DISPUTED ** An issue was discovered in the Linux\n kernel through 5.7.1. drivers/tty/vt/keyboard.c has an\n integer overflow if k_ascii is called several times in\n a row, aka CID-b86dab054059. NOTE: Members in the\n community argue that the integer overflow does not lead\n to a security issue in this case.(CVE-2020-13974)\n\n - An issue was discovered in the Linux kernel before\n 5.0.6. In rx_queue_add_kobject() and\n netdev_queue_add_kobject() in net/core/net-sysfs.c, a\n reference count is mishandled, aka\n CID-a3e23f719f5c.(CVE-2019-20811)\n\n - A flaw was found in the prctl() function, where it can\n be used to enable indirect branch speculation after it\n has been disabled. This call incorrectly reports it as\n being 'force disabled' when it is not and opens the\n system to Spectre v2 attacks. The highest threat from\n this vulnerability is to\n confidentiality.(CVE-2020-10768)\n\n - A flaw was found in the Linux kernel's implementation\n of the Enhanced IBPB (Indirect Branch Prediction\n Barrier). The IBPB mitigation will be disabled when\n STIBP is not available or when the Enhanced Indirect\n Branch Restricted Speculation (IBRS) is available. This\n flaw allows a local attacker to perform a Spectre V2\n style attack when this configuration is active. The\n highest threat from this vulnerability is to\n confidentiality.(CVE-2020-10767)\n\n - A logic bug flaw was found in the Linux kernel's\n implementation of SSBD. A bug in the logic handling\n allows an attacker with a local account to disable SSBD\n protection during a context switch when additional\n speculative execution mitigations are in place. This\n issue was introduced when the per task/process\n conditional STIPB switching was added on top of the\n existing SSBD switching. The highest threat from this\n vulnerability is to confidentiality.(CVE-2020-10766)\n\n - A new domain bypass transient execution attack known as\n Special Register Buffer Data Sampling (SRBDS) has been\n found. This flaw allows data values from special\n internal registers to be leaked by an attacker able to\n execute code on any core of the CPU. An unprivileged,\n local attacker can use this flaw to infer values\n returned by affected instructions known to be commonly\n used during cryptographic operations that rely on\n uniqueness, secrecy, or both.(CVE-2020-0543)\n\n - In the Linux kernel before 5.4.16, a race condition in\n tty->disc_data handling in the slip and slcan line\n discipline could lead to a use-after-free, aka\n CID-0ace17d56824. This affects drivers/net/slip/slip.c\n and drivers/net/can/slcan.c.(CVE-2020-14416)\n\n - The flow_dissector feature in the Linux kernel 4.3\n through 5.x before 5.3.10 has a device tracking\n vulnerability, aka CID-55667441c84f. This occurs\n because the auto flowlabel of a UDP IPv6 packet relies\n on a 32-bit hashrnd value as a secret, and because\n jhash (instead of siphash) is used. The hashrnd value\n remains the same starting from boot time, and can be\n inferred by an attacker. This affects\n net/core/flow_dissector.c and related\n code.(CVE-2019-18282)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13\n mishandles attempts to access disabled memory\n space.(CVE-2020-12888)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect\n in drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770.(CVE-2020-15393)\n\n - A flaw was found in the ZRAM kernel module, where a\n user with a local account and the ability to read the\n /sys/class/zram-control/hot_add file can create ZRAM\n device nodes in the /dev/ directory. This read\n allocates kernel memory and is not accounted for a user\n that triggers the creation of that ZRAM device. With\n this vulnerability, continually reading the device may\n consume a large amount of system memory and cause the\n Out-of-Memory (OOM) killer to activate and terminate\n random userspace processes, possibly making the system\n inoperable.(CVE-2020-10781)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1892\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?210b9b25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:16:08", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5755 advisory.\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. (CVE-2020-12657)\n\n - An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. (CVE-2019-15214)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (CVE-2019-15220)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. (CVE-2019-7308)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power. (CVE-2020-12652)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. (CVE-2019-19536)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5755)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15214", "CVE-2019-15220", "CVE-2019-19054", "CVE-2019-19533", "CVE-2019-19534", "CVE-2019-19536", "CVE-2019-3846", "CVE-2019-7308", "CVE-2020-0543", "CVE-2020-10690", "CVE-2020-10711", "CVE-2020-10757", "CVE-2020-12464", "CVE-2020-12652", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12655", "CVE-2020-12657", "CVE-2020-12770"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5755.NASL", "href": "https://www.tenable.com/plugins/nessus/138418", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5755.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138418);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2019-3846\",\n \"CVE-2019-7308\",\n \"CVE-2019-15214\",\n \"CVE-2019-15220\",\n \"CVE-2019-19054\",\n \"CVE-2019-19533\",\n \"CVE-2019-19534\",\n \"CVE-2019-19536\",\n \"CVE-2020-0543\",\n \"CVE-2020-10690\",\n \"CVE-2020-10711\",\n \"CVE-2020-10757\",\n \"CVE-2020-12464\",\n \"CVE-2020-12652\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12655\",\n \"CVE-2020-12657\",\n \"CVE-2020-12770\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5755)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5755 advisory.\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the\n mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into\n the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO\n restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate\n that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer\n dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network\n user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because\n a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c\n related to bfq_idle_slice_timer_body. (CVE-2020-12657)\n\n - An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound\n subsystem because card disconnection causes certain data structures to be deleted too early. This is\n related to sound/core/init.c and sound/core/info.c. (CVE-2019-15214)\n\n - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. (CVE-2019-19533)\n\n - An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious\n USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (CVE-2019-15220)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on\n pointer arithmetic in various cases, including cases of different branches with different state or limits\n to sanitize, leading to side-channel attacks. (CVE-2019-7308)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device\n file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed,\n it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the\n inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows\n local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a\n double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this\n bug is not as bad as it could have been because these operations are all privileged and root already has\n enormous destructive power. (CVE-2020-12652)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. (CVE-2019-19536)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5755.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.304.6.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5755');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.304.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.304.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.304.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.304.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.304.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.304.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.304.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:22:24", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.(CVE-2019-20806)A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CV
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1767-1)
