The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2324-1 advisory.
An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. (CVE-2019-25045)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that the A-MSDU flag in the plaintext QoS header field is authenticated.
Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. (CVE-2020-26558)
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)
In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-173843328. References: Upstream kernel. (CVE-2021-0512)
In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-110373476. (CVE-2021-0605)
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. (CVE-2021-33624)
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:2324-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151653);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2019-25045",
"CVE-2020-24588",
"CVE-2020-26558",
"CVE-2020-36386",
"CVE-2021-0129",
"CVE-2021-0512",
"CVE-2021-0605",
"CVE-2021-33624",
"CVE-2021-34693"
);
script_xref(name:"SuSE", value:"SUSE-SU-2021:2324-1");
script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2324-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple
vulnerabilities as referenced in the SUSE-SU-2021:2324-1 advisory.
- An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free,
related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. (CVE-2019-25045)
- The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent
Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.
Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an
adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)
- Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby
man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication
procedure) by reflection of the public key and the authentication evidence of the initiating device,
potentially permitting this attacker to complete authenticated pairing with the responding device using
the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit
at a time. (CVE-2020-26558)
- An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-
bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)
- Improper access control in BlueZ may allow an authenticated user to potentially enable information
disclosure via adjacent access. (CVE-2021-0129)
- In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to
a heap buffer overflow. This could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-173843328References: Upstream kernel (CVE-2021-0512)
- In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This
could lead to local information disclosure in the kernel with System execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476
(CVE-2021-0605)
- In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because
of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a
side-channel attack, aka CID-9183671af6db. (CVE-2021-33624)
- net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from
kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1103990");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1103991");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1104353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1113994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1114648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1129770");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1135481");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1136345");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174978");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1182470");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185486");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185677");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185701");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185861");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185863");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186264");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186463");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186515");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186519");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186520");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186521");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186523");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186524");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186525");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186526");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186527");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186528");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186529");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186530");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186531");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186532");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186533");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186534");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186535");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186537");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186538");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186539");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186540");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186541");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186545");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186546");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186547");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186548");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186549");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186550");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186551");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186552");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186554");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186555");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186627");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186635");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186638");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186698");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186699");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186700");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186701");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187049");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187402");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187404");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187407");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187408");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187409");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187411");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187412");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187452");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187554");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187595");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187601");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187630");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187631");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187833");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187867");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187972");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188010");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-25045");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-24588");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26558");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36386");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-0129");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-0512");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-0605");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33624");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-34693");
# https://lists.suse.com/pipermail/sle-security-updates/2021-July/009141.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a6f67c61");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-36386");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-0512");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/11");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-kgraft");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_77-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES12" && (! preg(pattern:"^(3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP3/4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-default-4.12.14-122.77.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-default-base-4.12.14-122.77.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-default-devel-4.12.14-122.77.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-default-man-4.12.14-122.77.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-devel-4.12.14-122.77.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-macros-4.12.14-122.77.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-source-4.12.14-122.77.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-syms-4.12.14-122.77.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'cluster-md-kmp-default-4.12.14-122.77.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'cluster-md-kmp-default-4.12.14-122.77.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'cluster-md-kmp-default-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'dlm-kmp-default-4.12.14-122.77.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'dlm-kmp-default-4.12.14-122.77.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'dlm-kmp-default-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'gfs2-kmp-default-4.12.14-122.77.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'gfs2-kmp-default-4.12.14-122.77.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'gfs2-kmp-default-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'ocfs2-kmp-default-4.12.14-122.77.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'ocfs2-kmp-default-4.12.14-122.77.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'ocfs2-kmp-default-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},
{'reference':'kernel-default-kgraft-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},
{'reference':'kernel-default-kgraft-devel-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},
{'reference':'kgraft-patch-4_12_14-122_77-default-1-8.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},
{'reference':'kernel-obs-build-4.12.14-122.77.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},
{'reference':'kernel-obs-build-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},
{'reference':'kernel-default-extra-4.12.14-122.77.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5']},
{'reference':'kernel-default-extra-4.12.14-122.77.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5']},
{'reference':'kernel-default-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-default-base-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-default-devel-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-default-man-4.12.14-122.77.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-devel-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-macros-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-source-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-syms-4.12.14-122.77.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
# Walk the package table and count entries that rpm_check() flags.
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    # Skip this entry unless at least one of its product release RPMs is installed.
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

# Report if any package was flagged; otherwise audit out with the reason.
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | cluster-md-kmp-default | p-cpe:/a:novell:suse_linux:cluster-md-kmp-default |
novell | suse_linux | dlm-kmp-default | p-cpe:/a:novell:suse_linux:dlm-kmp-default |
novell | suse_linux | gfs2-kmp-default | p-cpe:/a:novell:suse_linux:gfs2-kmp-default |
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default-extra | p-cpe:/a:novell:suse_linux:kernel-default-extra |
novell | suse_linux | kernel-default-kgraft | p-cpe:/a:novell:suse_linux:kernel-default-kgraft |
novell | suse_linux | kernel-default-kgraft-devel | p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel |
novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |